Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

Variously dubbed Flame, Skywiper and Flamer, the new virus is the largest and possibly most complex piece of malware ever discovered, which suggests it is state-sponsored, researchers said.

It is loaded with functions, but so far none appears to be destructive, they said.

As with Stuxnet, the creator of Flame remains a mystery, though some analysts say they suspect Israel and the United States, given the virus’s sophistication, among other things.

Some researchers say that certain characteristics common to Stuxnet and Flame suggest that whoever ordered up Stuxnet is also behind Flame.

“It’s very likely it’s two teams working effectively on the same program but using two very different approaches,” said Roel Schouwenberg, a senior researcher with Kaspersky Labs, a Russian cybersecurity firm, which announced its analysis of Flame on Monday.

Still, much research remains to be done on the new virus, which has also been analyzed by CrySyS, a cryptography and system security lab at the Budapest University of Technology and Economics.

Skywiper, as CrySyS calls the virus, may have been active for as long as five to eight years. It uses five encryption methods, three compression techniques and at least five file formats. Its means of gathering intelligence include logging keystrokes, activating microphones to record conversations and taking screenshots, CrySyS reported.

It is also the first identified virus that is able to use Bluetooth wireless technology to send and receive commands and data, Schouwenberg said.

One of the characteristics Stuxnet and Flame share is the ability to spread among computers that share a printer on the same network by exploiting a particular Windows vulnerability, Schouwenberg said. Flame is also reminiscent of DuQu, a virus thought to be related to Stuxnet, in that its function is espionage.

“We would position Flame as a project running parallel to Stuxnet and DuQu,” Kaspersky Labs said in a blog post Monday.

Flame contains 20 megabytes of code. Though malware’s size is not per se a measure of sophistication, Schouwenberg said, in this case “its size shows that it’s taken a lot of time and work to create.”

So far Kaspersky, which has clients around the world, has identified Flame infections primarily in Iran, Israel and other Middle Eastern countries but none in Europe or North America. The infections have hit computers belonging to individuals, educational institutions and state-related organizations, Kaspersky said.

The virus’s creators seemed interested in general intelligence — e-mails, documents, even instant messages, Kaspersky said. But the lab has no evidence so far to document any data stolen.

7 Comments

  1. As a former CIA-trained spy during the Eisenhower era and more recently a retired Verizon computer communications foreman, I am not surprised one iota by what I read. Please know that our government now has the ability to read the number plate on the car(s) in your door yard from a satellite. They also have hearing devices that can hear and tape a conversation from 100 yards away. Like the writer George Orwell said, “It’s the Way of the World.”

  2. Only four countries had the technical know-how to develop the Flame virus: “Israel, the U.S., China and Russia.”
    Since the virus was obviously intended for Iran, we can eliminate its friends China and Russia.
    This leaves only Israel and us.
    Having thoroughly demonized Iran, anything we do to it has become fair game.
    But there is nothing fair or right about taking another country’s data. Certainly we would not want China or Russia taking our data and spreading it to 80 separate servers.
    As a leader of the world community aspiring for governance through universal fairness, we can no longer afford to follow the beaten path of expediency chosen by Israel. Doing so will not only deprive us of our moral authority, but will also squander our unique opportunity to fashion a more just and fair world.
