Iran Hit by Most Complex Computer Virus
Computers across Middle East infected with Flame, “an industrial vacuum cleaner for sensitive information.”
| Posted Monday, May 28, 2012, at 4:06 PM
Photo by NIMA DAYMARI/AFP/Getty Images
Security experts have discovered a complex computer virus that has been collecting private data across the Middle East in what is believed to be a case of state-sponsored espionage, reports Reuters. The malware, which was dubbed “Flame” by Russian-based Kaspersky Labs has been “infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied territories and other countries in the Middle East and North Africa for at least two years,” notes Wired.
Kaspersky described Flame as “one of the most complex threats ever discovered.” The company isn’t the only one that thinks so. “I would say that this is the most sophisticated threat we have ever seen,” a senior analyst at Symantec agreed, according to the Guardian. One expert tells the BBC that Flame is “basically an industrial vacuum cleaner for sensitive information.”
What seems to have shocked security analysts the most is the sheer size of Flame’s code, which is around 20 times larger than the Stuxnext virus that hit Iran’s nuclear power plants. (Last year, a New York Times investigation revealed Stuxnet was the result of a joint Israeli and U.S. operation.) The size and sophistication of the code leads everyone to suspect this was the work of a country and not independent cybercriminals.
The Guardian says the virus, which other security analysts have dubbed W32.Flamer, appears to have been aimed at a small number of organizations in Iran, the West Bank, Lebanon, and the United Arab Emirates. The attack reportedly forced Iran to disconnect six of its main oil terminals from the Internet to stop the malware from spreading. That has immediately raised suspicion that Israel and/or the United States could be involved.
Indeed, there’s strong suspicion that Flame and Stuxnet could be connected. Iran’s Computer Emergency Response Team has said the recently discovered malware was “a close relation” of Stuxnet but independent experts say the connection isn’t conclusive although it’s clear they both share some features, reports the Telegraph. Unlike Stuxnet, which was designed to destroy equipment, Flame covertly gathered and sent information. That means it’s likely the malware managed to puck up lots of data long before it was detected.
Flame “is more like a toolkit for compiling different code based weapons than a single tool,” writes professor Alan Woodward in the BBC. “It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.”
