Powerful "Flame" virus found in Mideast

Security experts have discovered a new data-stealing virus dubbed "Flame" they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign. 

It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.  Schouwenberg said he did not know who built Flame.

Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The full significance will not be known until other cyber security firms obtain samples of Flame. The Lab's research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region, then Sudan and Syria.   

The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information, Schouwenberg said.  

Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.  He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform.  Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.  

Flame is probably behind a disruption in Iran's oil industry last month, the Guardian reports. Analysts haven't identified the designer of the virus, but assume a government with a formidable budget and a large team worked on it for months—so fingers will point to the US and Israel, the Guardian notes. Whoever made it, experts say Flame trumps Stuxnet, which hit Iran's nuclear facilities two years ago.

Researchers at Kaspersky estimated that around 5,000 personal computers around the world have been infected by the virus, Iranbeing hit the hardest, with 189 infected computers, followed byIsrael and the Palestinian territories (98 computers), Sudan (32),Syria (30),Lebanon (18), Saudi Arabia (10) and Egypt (5).

The researchers further estimated that the virus was developed by a country that allocated a significant budget for its development, which might be linked to cyber warfare.

"Unlike the Suxtent virus that attacked in Iran, this is a spyware that doesn't disrupt or terminate systems, Professor Yitzhak Ben Yisrael, the former head of the Administration for the Development of Weapons and the Technological Industry said.

According to Ben Yisrael, while the source of the software is unknown, "its aim is clear – collecting intelligence." The professor added that the spyware acts like a worm, jumping from one computer to another, and that it is impossible to locate the destination of the data that was copied.

Another expert noted that the virus was extremely invasive, and was not created by a bored teenager, but rather by a sophisticated programmer.

That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame.