A powerful data-snatching virus targeting computers in Iran, Israel and other Middle Eastern countries has been discovered by Russian experts. The worm has been used for years for what seems to be state-sponsored cyber espionage.
Russian cyber-security company Kaspersky Lab says the malware, codenamed Flame, is the largest and one of the most complex cyber-attacks ever discovered. It reports that the most severely affected computers are in Iran – but Israel, Syria and other countries across the Middle East have also been infected.
“This is one of the biggest and most sophisticated viruses of our age,” Kaspersky's chief malware expert Vitaly Kamlyuk told RT. “It is unique in the way it steals different types of information. It can record audio if a microphone is attached to the infected system. It can do screen captures and transmit visual data. It can also steal information from the input boxes, for example intercepting the keyboard or Bluetooth devices. This is a real cyber weapon that can physically destroy infrastructure.”
Kaspersky's first recorded instance of Flame dates back to August 2010, although the firm admits the worm could have been stealing data for years before that. The virus may also have been built on behalf of the same nation or nations that commissioned the Stuxnet virus that affected the Iranian nuclear program in 2010.
The Moscow-based company said on Monday that its researchers had yet to determine whether Flame had a specific mission, like Stuxnet or Duqu – another massive cyber-attack that had sought to infiltrate networks and steal data.
Flame’s code appears to be twenty times the size of Stuxnet’s. The complexity of the virus and the targets that have been hit led Kaspersky Lab to believe that this a government is behind the cyber attacks. At the same time, the experts are not sure of its exact origins and have yet to determine whether Flame had a specific mission, like Stuxnet, whose attack Iran blamed on the United States and Israel.
Many experts believe Iran’s suspicions toward the US and Israel are not without merit. In January 2011, The New York Times came out with a report stating that both attacks originated from a joint program in 2004 aimed at undermining Iran's alleged efforts to build a nuclear bomb. The article said the program was authorized by US President George W. Bush, and later accelerated by his successor, Barack Obama.
A spokesman for the US Department of Defense, David Oten, declined to comment on Flame on Monday, Reuters reports. The CIA, State Department, National Security Agency, and US Cyber Command declined to comment as well.
Kaspersky Lab said it discovered Flame after a UN telecommunications body asked it to analyze data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.