Friday, December 19, 2014


Flame, 'The Most Powerful Virus To Date'

It's thought that Flame has been infecting Iranian computers for a number of years.
By Charles Recknagel
Someone is infecting Iran's computers with what experts call "the most powerful virus to date." Here are four things to know about the virus, dubbed Flame.

What is Flame and what does it do?

Flame is a computer virus that Tehran says is infecting its computers and which independent experts say is the most powerful virus yet seen. The virus appears to be a major escalation in the cyberwar that some governments concerned by Iran's nuclear program are suspected of waging against Tehran to sabotage its progress.

The virus infects computers in order to spy on users, steal classified information, and cause the mass deletion of data. It does this by sniffing network traffic, taking screenshots, recording audio conversations, and intercepting keyboard activity. The data it collects is relayed back to the virus's creators.

Just which computers Flame is targeting in Iran and what damage it has done so far is unknown. Iranian experts discovered the virus on computers in the Iranian Oil Ministry and National Oil Company in recent months and it only became publicly known this week after Tehran asked a UN agency to help investigate.

The agency asked a private Russian antivirus software company, Kaspersky Lab in Moscow, to look into the virus and the laboratory publicly described it as "one of the most complex threats ever discovered." 

Flame may also be one of the sneakiest bits of malware -- or malevolent software -- ever found.

"Its job seems to be to spy on computers, which is not super new, we have seen this with other malware, but what is so interesting is that it has been doing this for about two years now and no-one discovered that until now," says Magnus Kalkuhl of Kaspersky Lab.

What's New About Flame?

Flame comprehensively does with one virus what cyberwarriors have previously had to deploy many separate viruses to do. That completeness means it can deliver to operators a more integrated picture than ever before of what a computer is being used for.

Boldizsar Bencsath, a computer expert at Budapest University's Laboratory of Cryptography and Systems Security, has been analyzing the virus after some users also found Flame watching their computers in Hungary.

According to him, the individual things Flame does are not unique or unknown. But what is unique is putting all those functions in a single, enormously large software package.

"Generally speaking, [Flame's] functionality is similar to other malware components that, for example, record keyboard activities," he says. "The unusual thing is that it is complex, highly complex. That means that there are lots of different functionality modules in the code and therefore the code is enormously large."

The Kaspersky Lab says the Flame software package totals almost 20 Mb in size when fully deployed. That is astonishingly big compared to most viruses, which usually depend on small amounts of software to make them easy to hide.

Who developed Flame and why?

It is too early to know. But the complexity of the software package indicates it was developed over a period of years and specifically by a government for espionage purposes, not by a criminal group or hackers.

Iran said on May 28 that Flame shows a "close relationship" to Stuxnet, a virus that attacked Iran's nuclear program in 2010 and which Tehran has previously accused Israel and the United States of deploying.

But the Kaspersky Lab, which calls Flame "20 times more complicated than Stuxnet," says there is no information in the virus' code that can tie Flame to any specific nation state.

Could Flame attack my home computer?

It's been reported that Flame has infected computers in Iran and the Kaspersky Lab has also detected it on the computers of some of its customers in Middle Eastern countries -- Israel, the Palestinian territories, Egypt, Sudan, and Syria.

It also has been found on some computers in Hungary, presumably with connections to the Middle East.

But all indications are that the infections are targeted attacks for a specific purpose.

"This is a targeted attack," says Bencsath. "This tool is used for targeted attacks; that means that normal home computers most likely are not at any risk."

With reporting by Tohir Safarov from RFE/RL's Tajik Service
This forum has been closed.
Comments
     
by: kafantaris from: USA
May 29, 2012 22:07
Only four countries had the technical know-how to develop the Flame virus: "Israel, the U.S., China and Russia."
Since the virus was obviously intended for Iran, we can eliminate its friends China and Russia.
This leaves only Israel and us.
Having thoroughly demonized Iran, anything we do to it has become fair game.
But there is nothing fair or right about taking another country's data. Certainly we would not want China or Russia taking our data and spreading it to 80 separate servers.
As a leader of the world community aspiring for governance through universal fairness, we can no longer afford to follow the beaten path of expediency chosen by Israel. Doing so will not only deprive us of our moral authority, but will also squander our unique opportunity to fashion a more just and fair world.
In Response

by: Andre from: canada
May 31, 2012 15:40
re: "But there is nothing fair or right about taking another country's data."
It seems to me Iran has repeatedly threatened to destroy Israel. As a sovereign independent country, Israel has a right to defend itself.
In Response

by: tara from: canada
June 05, 2012 14:36
Actually, Iran has never threatened Israel. The president denied the Holocaust (which isn't threatening Israel, and on top of that he has no power over launching a foreign attack, that power lies only with the supreme leader). The only "threats" against Israel made by the supreme leader were in connection to a counter-attack (if Israel attacks first). The media likes to war-monger, but let's not go down the same path that we went with Iraq.

by: Jack from: US
May 30, 2012 17:26
The fact that the virus has been discovered and can now be studied makes it a huge intelligence breach for the US, much bigger than the capture of a US drone by Iran. Think about how many millions the US government has spent developing this software, while the benefits are close to non-existent - everyone knows Iran is developing nuclear technology, and the mega-millions of taxpayers' money the US government wastes on trying to stop it via some covert sabotage will only make Iran stronger in the end. While the real enemies of the American people - Wahhabi Sunni militants sponsored by Saudi Arabia - are busy killing Americans in Afghanistan and plotting the next 9/11 attacks. Good job, US government.
