Researchers discover massive new cyberweapon
Published Tuesday, May 29, 2012 7:23PM EDT
A new cyberweapon described as a "highly sophisticated malicious program" has been discovered in the Middle East, according to a Russian Internet security firm.
According to a blog post from Kaspersky Lab, the virus is on the attack in several countries in the region, including Iran.
Dubbed "Flame," it has the ability to carry out cyber espionage and can steal information such as computer display content, information about targeted systems, stored files and contact data. The virus can even reach into a nearby Bluetooth-enabled cellphone and suck data from the device.
Stolen information is then sent to a network of "command and control" servers located around the world.
"Preliminary findings indicate that this malware has been 'in the wild' for more than two years -- since March 2010. Due to its extreme complexity, plus the targeted nature of the attacks, no security software detected it," said the blog post from Kaspersky.
The program was discovered during an investigation by Kaspersky was doing into another malware program that deleted data on a number of computers in the Western Asia region. Investigators have not yet gotten to the source of that attack, but during their probe they came across Flame.
Kaspersky called the virus a "super-cyberweapon" because it appears to be geographically based, and targets specific software vulnerabilities and only attacks selected targets.
Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said Flame appears to represent a new evolution in cyber warfare, going beyond the threat posed by previous viruses such as Duqu and Stuxnet.
"The Flame malware looks to be another phase in this war, and it's important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case," Kaspersky said in the blog.
The program has been detected as Worm.Win32.Flame.
There are some links between Flame and Stuxnet, the virus which targeted the controls of Iran's nuclear centrifuges in 2010, The Associated Press reports.
Stuxnet took control of physical infrastructure, rather than data, for the first time proving that hackers had the ability to take over entire systems.
While Flame is focused more on espionage, the two viruses "use the same vulnerabilities in the operating system and the computer infrastructure in order to infect the computer system. We do believe that the same programmers built the two codes," Ilan Froimovici, the technical director at Power Communications, which represents Kaspersky in Israel, told AP.
There is some speculation that Flame was created at the behest of Israel as part of an electronic sabotage campaign aimed at Iran.
Israel did little to contradict that speculation.
"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Israeli Vice Premier Moshe Yaalon told Army Radio.
"Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."
Kaspersky Lab was helping the United Nations' International Telecommunications Union search for destructive malware when it came across Flame.