Security experts have discovered a new data-stealing virus dubbed "Flame" that they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday. Schouwenberg said he did not know who built Flame.
Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The full significance will not be known until other cyber security firms obtain samples of Flame. The Lab's research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region, then Sudan and Syria.
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium
enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus
designed to steal financial information, Schouwenberg said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats. He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform. Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.
Flame is probably behind a disruption in Iran's oil industry last month, the Guardian reports. Analysts haven't identified the designer of the virus, but assume a government with a formidable budget and a large team worked on it for months—so fingers will point to the US and Israel, the Guardian notes. Whoever made it, experts say Flame trumps Stuxnet, which hit Iran's nuclear facilities two years ago.
Researchers at Kaspersky estimated that around 5,000 personal computers around the world have been infected by the virus, with Iran being hit the hardest, with 189 infected computers, followed by Israel and the Palestinian territories (98 computers), Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10) and Egypt (5).
The researchers further estimated that the virus was developed by a country that allocated a significant budget for its development, which might be linked to cyber warfare.
"Unlike the Stuxnet virus that attacked in Iran, this is a spyware that doesn't disrupt or terminate systems," Professor Yitzhak Ben Yisrael, the former head of the Administration for the Development of Weapons and the Technological Industry, said.
According to Ben Yisrael, while the source of the software is unknown, "its aim is clear – collecting intelligence." The professor added that the spyware acts like a worm, jumping from one computer to another, and that it is impossible to locate the destination of the data that was copied.
Another expert noted that the virus was extremely invasive, and was not created by a bored teenager, but rather by a sophisticated programmer.
That means the teams that built Stuxnet and Duqu might
have had access to the same technology as the team that built Flame.