The Russian-based anti-malware firm Kaspersky Labs recently discovered a new strain of spyware infecting computers in many Middle Eastern countries, including Iran, Lebanon, Syria, Sudan and the West Bank. Symantec, a United States-based anti-malware firm, has also reported infections in Austria, Russia, Hong Kong and the United Arab Emirates.
The purpose of the Flame virus (as Kaspersky is calling it; Symantec refers to it as Flamer) is simply to steal information. The program itself did not appear to have any intention of damaging computer systems, but rather to gather as much information from the infected computer as possible. Because of its complexity, sophistication, wide scope of infection, and apparent lack of any desire to steal money, most consider this a nation-state-derived espionage attack.
The Flame virus was discovered after Kaspersky was asked to look into a potential threat when the United Nations International Telecommunication Union received reports of data loss and a possible threat from the Iranian Oil Ministry.
The length of the infection, the number of computers affected, the origin of the infection, and the culprits behind this sophisticated and elegant computer virus are unknown at this time. Kaspersky thinks that it may date from after 2010, but evidence found by WebRoot in 2007 indicates that at least small portions of this virus were already present five years ago.
Cyber espionage has become the most prevalent threat to national security since the Stuxnet and DuQu attacks in 2009 and 2010. While Stuxnet and DuQu targeted Iranian nuclear facilities with the intent of breaking centrifuges by manipulating the equipment’s software, the Flame virus attackers only wanted to steal information from privileged users and computers.
This infection was strategically managed by the attackers, who allowed only certain computers to be infected. Victims include individuals, private companies, educational institutions, and government-run organizations. Flame targeted only specific systems, and many computer security experts consider it the most complex malware created to date.
Its complexity is beyond anything Kaspersky has seen before: it is over 20MB in size and has 20 plug-ins that can be turned on, or installed after infection, to better suit the needs of the attackers. Kaspersky says that it can take years to fully understand what exactly the Flame virus does and how it does it. Whereas the Stuxnet virus took six months to decode, Kaspersky explains that Flame is more than 20 times as complicated.
The Flame virus is capable of turning internal microphones on and recording conversations, periodically taking screenshots (particularly while email and chat systems are in use), enabling Bluetooth and scanning for nearby Bluetooth devices, recording keystrokes, and even running a kill module that completely wipes the computer of any trace of the virus.
The way the Flame virus first infects computers is unknown at this time, but it does have the capability of spreading inside networks through a printer spooler vulnerability and via portable USB drives, though it does not infect every computer it comes into contact with. The spreading modules are actually disabled upon successful infection and must be turned on again at a later date by the attackers themselves. This also supports the theory of the high sophistication of this attack, because of the desire not to spread the virus unnecessarily and so avoid detection.
The Flamer virus has been confused with a different piece of malware, known as the Wiper or Viper virus, that has also recently been infecting sensitive government computer systems. These are different viruses altogether.
Flame is not something that will immediately affect the general public, but it has long-term implications: the compromise of dozens of countries’ internal security systems, which in turn can have unknown and potentially disastrous consequences for national security and world stability. As this virus is technically still in the wild and will be capable of infecting other computers for some time, it remains an active threat to most countries.
This may mark a new era in espionage and cyber-crime. With the development of such complex and elegant malware, capable of avoiding detection for years and stealing endless amounts of confidential and potentially dangerous information from thousands of privileged computers over long periods of time, we must stop and wonder where malware is going in the future.