A new data-stealing virus dubbed Flame has been discovered. It has lurked
inside thousands of computers across the Middle East for as long as five years
as part of a sophisticated cyber warfare campaign.
Flame can gather data files, remotely change settings on computers, turn on PC
microphones to record conversations, take screenshots and log instant
messaging chats.
Flame is "the most complex piece of malicious software discovered to date,"
according to Kaspersky Lab senior security researcher Roel Schouwenberg, whose
company discovered the virus. This discovery by one of the world’s largest
makers of anti-virus software will spark speculation about whether other
nations are also employing such tactics through secret cyber weapons.
“If Flame
went on undiscovered for five years, the only logical conclusion is that there
are other operations ongoing that we don’t know about,” Schouwenberg said in an
interview.
Kaspersky Lab discovered Flame while investigating reports that a virus named
Wiper was attacking computers in Iran. The researchers failed to turn up
anything that resembled Wiper, and they did not know who built Flame.
The Moscow-based company, which gained notoriety in cyber weapons research
after solving several mysteries surrounding Stuxnet and Duqu, is controlled by
Russian malware researcher Eugene Kaspersky.
If the Lab’s analysis is correct, Flame could be the third major cyber weapon
uncovered, after the Stuxnet virus that attacked Iran’s nuclear program in
2010 and its data-stealing cousin Duqu, named after the Star Wars villain.
Researchers at Kaspersky were still determining the full significance of Flame
and were only starting to understand how it works because it is so complex.
The Lab’s
research found most of the infected machines are in Iran, followed by the
Israel/Palestine region, then Sudan and Syria. More than 5,000 personal
computers around the world have been infected, including a handful in North
America.
“The geography of the targets and also the
complexity of the threat leaves no doubt about it being a nation-state that
sponsored the research that went into it,” the BBC quoted Kaspersky’s chief malware expert
Vitaly Kamluk.
Complexity of Flame
The virus contains about 20 times as much code as Stuxnet, which attacked an
Iranian uranium enrichment facility, causing centrifuges to fail, and about
100 times as much code as a typical virus designed to steal financial
information, Schouwenberg said, and there was evidence to suggest the code was
commissioned by the same nation or nations that were behind Stuxnet and Duqu,
which were built on a common platform.
Both Flame and Stuxnet appear to infect machines by employing a similar way of
spreading and by exploiting the same flaw in the Windows operating system.
The ITU (International Telecommunication Union), a UN agency that promotes
research and cooperation on telecommunications technology, asked Kaspersky Lab
to investigate further.