Computer security software company Symantec today said it could not verify Iran’s claims of new worm, dubbed ‘Stars’ by the commander of civil defense force of Iran. The company’s security response group has not found an example of the worm.
"Generally, samples of malware do get traded among security vendors," said Kevin Haley, the director of Symantec's security response group. ”Iran makes this a little more difficult, because we have no direct relationships there," added Haley. "But perhaps someone else does" [Computerworld, 26 April].
No other security vendor, including Helsinki-based F-Secure and UK’s Sophos, has stepped forward to say it has a copy of Stars. It's possible that Stars was not a targeted attack aimed at Iran, but simply part of a more traditional broad-based assault, said Haley.
"It could be a mass attack that got through their defenses," Haley said. "That could have raised the alarm. They're already paranoid about attacks."
"We can't tie this case to any particular sample we might already have," said Mikko Hypponen, F-Secure's chief research officer. "We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack." [Computerworld, 26 April].
Graham Cluley, a senior security technology consultant at Sophos, also said his company had not been able to identify the malware.