Security experts said on Monday a highly sophisticated computer virus is infecting computers in Iran and other Middle East countries and may have been deployed at least five years ago to engage in state-sponsored cyberespionage.
Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran’s nuclear program in 2010, according to Kaspersky Lab, the Russian cybersecurity software maker that took credit for discovering the infections.
Kaspersky researchers said they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it.
Iran has accused the US and Israel of deploying Stuxnet.
Cybersecurity experts said the discovery publicly demonstrates what experts privy to classified information have long known: That nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.
“This is one of many, many campaigns that happen all the time and never make it into the public domain,” said Alexander Klimburg, a security expert at the Austrian Institute for International Affairs.
A cybersecurity agency in Iran said on its English Web site that Flame bore a “close relation” to Stuxnet, the notorious computer worm that attacked that country’s nuclear program in 2010 and is the first publicly known example of a cyberweapon.
Iran’s National Computer Emergency Response Team also said Flame might be linked to recent cyberattacks that officials in Tehran have said were responsible for massive data losses on some Iranian computer systems.
Kaspersky Lab said it discovered Flame after a UN telecommunications agency asked it to analyze data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.
Experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security who have spent weeks studying Flame said they have yet to find any evidence that it can attack infrastructure, delete data or inflict other physical damage.
Yet they said they are in the early stages of their investigations and that they may discover other purposes beyond data theft. It took researchers months to determine the key mysteries behind Stuxnet, including the purpose of modules used to attack a uranium enrichment facility at Natanz, Iran.
If Kaspersky’s findings are validated, Flame could go down in history as the third major cyberweapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.
Officials with Symantec Corp and Intel Corp McAfee security division, the top two makers of anti-virus software, said they were studying Flame.
Symantec Security Response manager Vikram Thakur said that his company’s experts believed there was a “high” probability that Flame was among the most complex pieces of malicious software ever discovered.
However, privately held Webroot said its automatic virus-scanning engines detected Flame in December 2007, but that it did not pay much attention because the code was not particularly menacing.
The virus contains about 20 times as much code as Stuxnet, which caused centrifuges to fail at the Iranian enrichment facility it attacked. It has about 100 times as much code as a typical virus designed to steal financial data, Kaspersky Lab senior researcher Roel Schouwenberg said.
Flame can gather data files, change settings on computers, turn on PC microphones to record conversations, take screenshots and log instant messaging chats.
Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, Schouwenberg said.
He said that a nation state would have the capability to build such a sophisticated tool, but declined to comment on which countries might do so.
The question of who built Flame is sure to become a hot topic in the security community as well as the diplomatic world.
There is some controversy over who was behind Stuxnet and Duqu. Some experts suspect the US and Israel, a view that was laid out in a January 2011 New York Times report that said it came from a program begun around 2004 to undermine what they say are Iran’s efforts to build a bomb.
The US Defense Department, CIA, State Department, National Security Agency and US Cyber Command declined to comment.
Super Typhoon Kong-rey is the largest cyclone to impact Taiwan in 27 years, the Central Weather Administration (CWA) said today. Kong-rey’s radius of maximum wind (RMW) — the distance between the center of a cyclone and its band of strongest winds — has expanded to 320km, CWA forecaster Chang Chun-yao (張竣堯) said. The last time a typhoon of comparable strength with an RMW larger than 300km made landfall in Taiwan was Typhoon Herb in 1996, he said. Herb made landfall between Keelung and Suao (蘇澳) in Yilan County with an RMW of 350km, Chang said. The weather station in Alishan (阿里山) recorded 1.09m of
STORM’S PATH: Kong-Rey could be the first typhoon to make landfall in Taiwan in November since Gilda in 1967. Taitung-Green Island ferry services have been halted Tropical Storm Kong-rey is forecast to strengthen into a typhoon early today and could make landfall in Taitung County between late Thursday and early Friday, the Central Weather Administration (CWA) said yesterday. As of 2pm yesterday, Kong-Rey was 1,030km east-southeast of Oluanpi (鵝鑾鼻), the nation’s southernmost point, and was moving west at 7kph. The tropical storm was packing maximum sustained winds of 101kph, with gusts of up to 126 kph, CWA data showed. After landing in Taitung, the eye of the storm is forecast to move into the Taiwan Strait through central Taiwan on Friday morning, the agency said. With the storm moving
NO WORK, CLASS: President William Lai urged people in the eastern, southern and northern parts of the country to be on alert, with Typhoon Kong-rey approaching Typhoon Kong-rey is expected to make landfall on Taiwan’s east coast today, with work and classes canceled nationwide. Packing gusts of nearly 300kph, the storm yesterday intensified into a typhoon and was expected to gain even more strength before hitting Taitung County, the US Navy’s Joint Typhoon Warning Center said. The storm is forecast to cross Taiwan’s south, enter the Taiwan Strait and head toward China, the Central Weather Administration (CWA) said. The CWA labeled the storm a “strong typhoon,” the most powerful on its scale. Up to 1.2m of rainfall was expected in mountainous areas of eastern Taiwan and destructive winds are likely
The Central Weather Administration (CWA) yesterday at 5:30pm issued a sea warning for Typhoon Kong-rey as the storm drew closer to the east coast. As of 8pm yesterday, the storm was 670km southeast of Oluanpi (鵝鑾鼻) and traveling northwest at 12kph to 16kph. It was packing maximum sustained winds of 162kph and gusts of up to 198kph, the CWA said. A land warning might be issued this morning for the storm, which is expected to have the strongest impact on Taiwan from tonight to early Friday morning, the agency said. Orchid Island (Lanyu, 蘭嶼) and Green Island (綠島) canceled classes and work