A powerful data-snatching virus targeting computers in Iran, Israel and other Middle Eastern countries has been discovered by Russian experts. The worm has been used for years for what seems to be state-sponsored cyber espionage.
Russian cyber-security company Kaspersky Lab says the malware, codenamed Flame, is the largest and one of the most complex cyber-attacks ever discovered. It reports that the most severely affected computers are in Iran – but Israel, Syria and other countries across the Middle East have also been infected.
Kaspersky’s first recorded instance of Flame dates back to August 2010, although the firm admits the worm could have been stealing data for years before that. The virus may also have been built on behalf of the same nation or nations that commissioned the Stuxnet virus that affected the Iranian nuclear program in 2010.
The Moscow-based company said on Monday that its researchers had yet to determine whether Flame had a specific mission, like Stuxnet or Duqu – another massive cyber-attack that had sought to infiltrate networks and steal data.
Flame’s code appears to be twenty times the size of Stuxnet’s. The malware is able to gather data files, remotely change settings on computers, turn on PC microphones or webcams in order to record conversations and video, take screen shots – and eventually send the data back to the attackers.
“Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” Kaspersky’s chief malware expert Vitaly Kamlyuk told the BBC.
The complexity of the virus and the targets that have been hit led Kaspersky Lab to believe that a government is behind the cyber attacks. At the same time, the experts are not sure of its exact origins and have yet to determine whether Flame had a specific mission, like Stuxnet, whose attack Iran blamed on the United States and Israel.
US: ‘No comment’
Many experts believe Iran’s suspicions toward the US and Israel are not without merit. In January 2011, The New York Times came out with a report stating that both attacks originated from a joint program in 2004 aimed at undermining Iran’s alleged efforts to build a nuclear bomb. The article said the program was authorized by US President George W. Bush, and later accelerated by his successor, Barack Obama.
A spokesman for the US Department of Defense, David Oten, declined to comment on Flame on Monday, Reuters reports. The CIA, State Department, National Security Agency, and US Cyber Command declined to comment as well.
Kaspersky Lab said it discovered Flame after a UN telecommunications body asked it to analyze data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.