Meet “Flame”, the newest and most powerful cyber-virus to hit Iranian computers, as well as many more around the Middle East. However, there is a twist in this tale, since the virus has apparently also infected Israeli computers, at least according to this Jerusalem Post report:
Security experts have discovered a new data-stealing virus dubbed Flame, and found that the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.
Experts say the virus has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.
“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Schouwenberg said in an interview.
The Moscow-based company is controlled by Russian malware researcher Eugene Kaspersky, and gained notoriety in cyber weapons research after solving several mysteries surrounding Stuxnet and Duqu.
If the Lab’s analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information, Schouwenberg said.
He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform.
Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, he said.
Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions.
He estimated that no more than 5,000 personal computers around the world have been infected, including a handful in North America.
The Times of Israel places the geographical spread of the virus somewhat differently:
A new, unprecedented computer virus called “Flame” (or “sKyWIper”) has hit Iran, the West Bank, and other Middle Eastern locations. It is already considered one of the most sophisticated cyber weapons ever unleashed. Internet security company Kaspersky said Monday that Flame was the “most complex piece of malicious software discovered to date.”
The cyber-espionage worm, designed to collect and delete sensitive information, is said to have 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility (and some 16,000 computers), causing centrifuges to fail. Iran blamed Israel and the US for its creation. [Of course -Ed.]
The country with the largest number of machines infected by Flame is believed to be Iran, followed by the West Bank, and Sudan and Syria after that. Lebanon, Saudi Arabia, and Egypt have also been affected.
Is this just a “regular” virus? A money-making brainwave from Kaspersky – invent a virus and then sell us the cure?
Or was it…. Shhh… you know who… Cue scary music…