Officials claim Iran has defeated powerful 'Flame' virus
Published Wednesday, May 30, 2012 1:53PM EDT
Iranian state officials say that country's information technology experts have already defeated an alleged cyber-espionage weapon known as "Flame" that reportedly took over a number of computers there.
Iran's deputy Minister of Communications and Information Technology, Ali Hakim Javadi, was quoted by the official IRNA news agency Wednesday as saying that Iranian experts have already produced an anti-virus capable of spotting and removing Flame from computers.
"The anti-virus software was delivered to selected organizations in early May," IRNA quoted Javadi as saying.
Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage, told state radio that the country's oil industry was briefly affected by the powerful virus.
"This virus penetrated some fields. One of them was the oil sector. Fortunately, we detected and controlled this single incident," Jalali said. "We could also retrieve the information that was lost."
He said the oil industry was the only governmental body seriously affected by Flame.
The Russian Internet security firm Kaspersky Lab ZAO was the first to bring the world's attention to the virus, which it said it stumbled upon while tracking another cyber threat circulating in Asia.
Kaspersky said the Flame virus constituted a "super-cyberweapon" because it appears to target specific software vulnerabilities and attack only selected targets. The firm said the virus was unprecedented in its size and complexity.
Information security expert Keith Murphy, the CEO of Defence Intelligence, says it appears Flame is capable of sucking all kinds of data from the devices it infects.
"It can record audio by turning on a microphone on a computer. It can pick up handheld devices that might be nearby using Bluetooth, take screenshots, capture everything that people type into a computer and so on," he told CTV's Canada AM from Ottawa.
"What makes this so interesting is that at least 20 modules for this particular piece of malicious software have been discovered now. So there's a number of capabilities we haven't even seen yet."
Murphy says the virus appears to give the owner the ability to erase data from the infected computer, install false information, and transmit data.
"What we're seeing now is primarily information stealing, but that could change," he said.
Experts say they can see a number of technological links between Flame and another virus that circulated in 2010, the highly focused Stuxnet virus. That virus was tailored to disrupt Iran's nuclear centrifuges and many suspect it was the work of Israeli intelligence.
It's thought that Flame has been active since 2010, the same year Stuxnet disrupted controls of some nuclear centrifuges and some other industrial sites in Iran.
A third espionage virus, Duqu, was also discovered recently in Iran. But that malware did not harm Iran's nuclear or industrial sites.
Murphy says these cyber attacks seem to be the way that espionage is moving and he expects to see many more to come.
"What makes these viruses so useful for the people who put them together is that it's extremely difficult to pinpoint who's behind them. It is highly unlikely we will ever know who put this together," he said.
"That's one of the benefits of cyberespionage, as opposed to old-school, physical espionage."