By Jim Finkle | Reuters | 23:50 GMT +8
Powerful "Flame" cyber weapon found in Middle East
<a href="http://s1267.photobucket.com/albums/jj559/365Wildfire/?action=view&current=image2.jpg" target="_blank"><img src="http://i1267.photobucket.com/albums/jj559/365Wildfire/image2.jpg" border="0" alt="Photobucket"></a>
Security experts have discovered a new data-stealing virus dubbed "Flame" they say has lurked inside thousands of
computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher
Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.
Schouwenberg said he did not know who built Flame.
If the Lab's analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that
attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.
The discovery by one of the world's largest makers of anti-virus software will likely fuel speculation that nations have
already secretly deployed other cyber weapons.
Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The
full significance will not be known until other cyber security firms obtain samples of Flame.
The Lab's research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region,
then Sudan and Syria.
<a href="http://s1267.photobucket.com/albums/jj559/365Wildfire/?action=view&current=images-1.jpg" target="_blank"><img src="http://i1267.photobucket.com/albums/jj559/365Wildfire/images-1.jpg" border="0" alt="Photobucket"></a>
Complex Virus
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility,
causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information,
Schouwenberg said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations,
take screen shots and log instant messaging chats.
He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind
Stuxnet and Duqu, which were built on a common platform.
<a href="http://s1267.photobucket.com/albums/jj559/365Wildfire/?action=view&current=2012-05-28t145338z_1_cbre84r15dh00_rtroptp_3_iran-internetgrid-6x2.jpg" target="_blank"><img src="http://i1267.photobucket.com/albums/jj559/365Wildfire/2012-05-28t145338z_1_cbre84r15dh00_rtroptp_3_iran-internetgrid-6x2.jpg" border="0" alt="Photobucket"></a>
Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and
employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that
built Flame, he said.
Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions.
He estimated that no more than 5,000 personal computers around the world have been infected, including a handful
in North America.
Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper was attacking computers in Iran.
Powerful "Flame" cyber weapon found in Middle East
<a href="http://s1267.photobucket.com/albums/jj559/365Wildfire/?action=view&current=image2.jpg" target="_blank"><img src="http://i1267.photobucket.com/albums/jj559/365Wildfire/image2.jpg" border="0" alt="Photobucket"></a>
Security experts have discovered a new data-stealing virus dubbed "Flame" they say has lurked inside thousands of
computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher
Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.
Schouwenberg said he did not know who built Flame.
If the Lab's analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that
attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.
The discovery by one of the world's largest makers of anti-virus software will likely fuel speculation that nations have
already secretly deployed other cyber weapons.
Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The
full significance will not be known until other cyber security firms obtain samples of Flame.
The Lab's research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region,
then Sudan and Syria.
<a href="http://s1267.photobucket.com/albums/jj559/365Wildfire/?action=view&current=images-1.jpg" target="_blank"><img src="http://i1267.photobucket.com/albums/jj559/365Wildfire/images-1.jpg" border="0" alt="Photobucket"></a>
Complex Virus
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility,
causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information,
Schouwenberg said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations,
take screen shots and log instant messaging chats.
He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind
Stuxnet and Duqu, which were built on a common platform.
<a href="http://s1267.photobucket.com/albums/jj559/365Wildfire/?action=view&current=2012-05-28t145338z_1_cbre84r15dh00_rtroptp_3_iran-internetgrid-6x2.jpg" target="_blank"><img src="http://i1267.photobucket.com/albums/jj559/365Wildfire/2012-05-28t145338z_1_cbre84r15dh00_rtroptp_3_iran-internetgrid-6x2.jpg" border="0" alt="Photobucket"></a>
Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and
employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that
built Flame, he said.
Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions.
He estimated that no more than 5,000 personal computers around the world have been infected, including a handful
in North America.
Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper was attacking computers in Iran.