A computer anti-virus company from Russia — Kaspersky Labs — says it has discovered a new and malicious piece of software infecting machines across the Middle East. The malware is called Flame, and officials at Kaspersky say it has infected nearly 200 computers in Iran alone. Syrian, Sudanese and Palestinian computers have also been infected. Experts are only just getting their first look at Flame, and are trying to access what it can do and who might have designed it.
Kaspersky engineers say they found Flame while doing some other work for the United Nations International Telecommunication Union.
The malware, Kaspersky notes, may have been out in the wild, infecting computers, for as many as five years before being detected.
That is in part because it seems to be targeted not at millions of machines, but at computers in the Middle East.
Experts suspect that its purpose is national espionage.
Up until now, the Stuxnet virus, which supposedly targeted centrifuges at Iranian nuclear facilities, was the most sophisticated ever seen.
But Mikko Hypponen of the Finnish anti-virus company F-secure says Flame is in a class by itself.
“I mean just the size of this thing, it’s like 20 times larger than what Stuxnet was, and Stuxnet was thought to be the cutting edge of how complicated and large and encrypted malware can be,” Hypponen says.
And it can do a whole lot more than Stuxnet, or it’s file-stealing cousin Dugu.
Engineers at Kaspersky say Flame can take screen shots, and log instant messaging chats.
It is also said to be able to turn on a PC’s microphone and record conversations.
“The other huge difference is that it is much more sophisticated than the other tools,” says Boldizsar Bencsath of Laboratory of Cryptography and Systems at Budapest University. “Most likely it is capable to use your bluetooth device to do some problem. Most likely it can work with your network to infect other computers and steal data.”
The big questions, of course, are who might have built and deployed Flame and why?
The usual suspects are criminals, so-called “hacktivists” like Anonymous, and governments.
F-Secure’s Hyponnen goes with the process of elimination.
“This particular malware has obviously taken a lot of time, and most likely millions to develop and yet there’s no obvious way it’s extracting money from infected computers. So which pretty likely means its not done by criminals. This is way beyond the capabilities of any hacktivist group, which leaves us with a governmental attack.”
Due to the target list, suspicion has turned toward the United States and Israel.
Iran claims both nations were behind the Stuxent attack, a charge both the US and Israel have denied.
US military and intelligence agencies would not comment at all on Flame Tuesday.
But on Israeli armed forces radio, the country’s Deputy Prime Minister, Moshe Ya’alon didn’t exactly shed a tear.
“It is certainly reasonable that whoever sees the Iranian threat as significant would take all available measures, including those that could harm the Iranian nuclear programme.”
Iran has said it believes Flame is responsible for “recent incidents of mass data loss” in the country.
The country’s National Computer Emergency Response Team said Tuesay it had developed, and was ready to distribute, a home-grown tool to wipe the virus from infected machines.
Experts say that because of Flame’s size and complexity, it could take years before its design and purpose is fully understood, or to find more clues about who wrote it.
One computer security analyst put it this way: “The scary thing for me is that if this is what the creators were developing five years ago, I can only think what they’re developing now.”