
Kaspersky’s Flame

Posted: May 29th, 2012 | Filed under: ONLINE SECURITY

Russian cyber security software-maker Kaspersky Lab has discovered a highly sophisticated computer virus in Iran that they believe was deployed at least five years ago to engage in state-sponsored cyber terrorism. Responsibility for discovering the virus, which has been dubbed ‘Flame’.

Kaspersky said evidence suggested that it may have been built on behalf of the same nation, or nations, that commissioned the Stuxnet worm that attacked Iran’s nuclear program in 2010.

Kaspersky say they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it. Iran has long claimed that the United States and Israel deployed Stuxnet.

Key facts about Flame

  • One of the most sophisticated pieces of malicious software ever discovered, with about 20 times as much code as Stuxnet.
  • Built with some 20 modules; researchers still do not understand the full purpose of most of them.
  • Can record sounds, access Bluetooth communications, capture screenshots and log internet messaging conversations.
  • Creators of the virus used a network of some 80 servers across Asia, Europe and North America to remotely access infected machines.
  • It is the largest such Command and Control network identified to date.
  • An estimated 1,000 to 5,000 machines were infected worldwide.

 

Cyber security experts said the discovery provided new evidence that nations have been using pieces of malicious computer codes as weapons to promote their security interests for several years.

“This is one of many, many campaigns that happen all the time and never make it into the public domain,” Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs, said.

A cyber security agency in Iran said on its website that Flame bore a “close relation” to Stuxnet, the notorious computer worm that attacked that country’s nuclear program in 2010 and is the first publicly known example of a cyber weapon.

Iran’s National Computer Emergency Response Team also said Flame might be linked to recent cyber attacks that officials in Tehran say were responsible for massive data losses on some Iranian computer systems.

Kaspersky Lab said it discovered Flame after a United Nations telecommunications agency asked it to analyse data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.

Stuxnet Connection

Experts at Kaspersky Lab and at Hungary’s Laboratory of Cryptography and System Security, who spent weeks studying Flame, said they have yet to find any evidence that it could attack infrastructure, delete data or inflict other physical damage.

But they said they were in the early stages of their investigations and could discover other purposes beyond data theft.

It took researchers months to determine the key mysteries behind Stuxnet, including the purpose of modules used to attack a uranium enrichment facility at Natanz, Iran.

“Their initial research suggests that this was probably written by the authors of Stuxnet for covert intelligence collection,” John Bumgarner, a cyber warfare expert with the non-profit US Cyber Consequences Unit think tank, said.

Flame appears poised to go down in history as the third major cyber weapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.

Kaspersky Lab is based in Moscow and controlled by Russian malware researcher Eugene Kaspersky.

The lab gained notoriety in cyber weapons research after solving several mysteries surrounding Stuxnet and Duqu. Its research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

The virus contains about 20 times as much code as Stuxnet, which caused centrifuges to fail at the Iranian enrichment facility it attacked. Flame has about 100 times as much code as a typical virus designed to steal financial information, Kaspersky Lab senior researcher Roel Schouwenberg said.

source: reuters
source: kaspersky
source: crysys