Sophisticated Virus Infects Computers in Iran, Mideast

Discussion in 'Anti-Virus' started by Virus Guy, May 30, 2012.

  1. Virus Guy

    Virus Guy Guest

    Sophisticated Virus Infects Computers in Iran, Mideast

    Thousands of computers in Iran belonging to government agencies and
    private companies have been infected with a highly sophisticated virus,
    dubbed Flame, in the latest cyberstrike against the Islamic Republic,
    said cybersecurity experts and Iran's telecommunications ministry.

    The malware was widely detected across the Middle East in Syria, Israel
    and the Palestinian Authority, as well as in other parts of the world,
    but Iran has the largest number of infected computers, experts said.

    At least three times since 2010, Iran has been targeted with
    sophisticated computer viruses such as Stuxnet, Duqu and Wiper. These
    viruses have disabled centrifuges for enriching uranium, stolen data
    from nuclear facilities and erased computers at the oil ministry.

    'Flame' War

    A look into the malicious software

    * Complexity: It is one of the most sophisticated pieces of malicious
    software ever discovered, made up of multiple files that are 20 times as
    large as Stuxnet and carry about 100 times as much code as a basic

    * Breadth: It is the most complete data-stealing tool found to date. It
    can record sounds, access Bluetooth communications, capture screenshots
    and log Internet Messaging conversations.

    * Network: The creators of the virus used a network of some 80 servers
    across Asia, Europe and North America to remotely access infected
    machines. They can change settings on personal computers and quietly
    gather the stolen data.

    * Victims: The largest number of infected computers was found in Iran,
    followed by Israel and the Palestinian territories. Researchers estimate
    between 1,000 and 5,000 machines were infected world-wide.

    * Perpetrator: Researchers at Kaspersky Lab decline to say who they
    believe is behind Flame. The creators of Stuxnet and Flame employed
    similar techniques to infect computers.

    The aim of Flame, said experts at Kaspersky Lab, a Russian
    information-technology security firm that reported the virus on Monday,
    was espionage, not physical damage or system interruption.

    Flame, which Kaspersky said has been in operation since March 2010, was
    still active as of Monday morning, Alexander Gostev of Kaspersky Lab
    said. But after Kaspersky reported the existence of the virus publicly,
    Flame's operators immediately set about shutting the servers, an effort
    to protect the stolen data and hide the source of the virus. By Tuesday,
    Flame had become inactive, he said. "They are trying to hide."

    The creation and operation of the Flame virus must have required a large
    staff, Mr. Gostev said. He estimated that at least 20 specialists would
    have been required to create and maintain the cyberweapon, similar to
    estimates of how many people invented and worked on Stuxnet.

    Independent security experts said the scope of its complexity and method
    of operation suggests Flame was sponsored by a nation-state. It wouldn't
    be economically feasible, they argued, for a private corporation to run
    such a large-scale international cyberattack. Another reason a state is
    suspected is that the virus is designed to gather information but has no
    clear monetizing function.

    Iran on Tuesday said it was a victim of cyberwarfare by Israel and the
    U.S., the semiofficial Fars news agency reported.

    "It's in the nature of some countries and illegitimate regimes to spread
    viruses and harm other countries. We hope these viruses dry out," Ramin
    Mehmanparast, Iran's Foreign Ministry spokesman, said on Tuesday.

    Iran's computer emergency response team, known as Maher, a branch of the
    telecommunication ministry, said on Tuesday that it was sharing research
    information on the virus for the first time ever on its website. Maher
    posted a link to antivirus software developed by its researchers to
    remove Flame and offered assistance to any infected organization.

    Maher also said Flame was linked to an earlier cyberattack that erased
    data. In March, Wiper disrupted internal Internet communications at
    Iran's oil ministry and stole massive amounts of data.

    Flame is the biggest and most high-functioning cyberweapon ever
    discovered, various cybersecurity experts said. It is comprised of
    multiple files that are 20 times larger than Stuxnet and carry about 100
    times more code than a basic virus, experts said.

    The most alarming feature, experts said, is that Flame can be highly
    versatile, depending on instructions by its controller. The malware can
    steal data and social-network conversations, take snapshots of computer
    screens, penetrate across networks, turn on a computer's microphone to
    record audio and scan for Bluetooth-active devices.

    The cyber espionage activities described by the researchers are
    cyberspying techniques employed by the U.S., Israel and a number of
    other countries, cybersecurity specialists said. Cybersecurity
    researchers said the complexity of Flame's coding and comprehensiveness
    of its spy capabilities could suggest it was the work of a government.

    Experts said they believe Flame reports back the information to a
    central command-and-control network that has constantly changed
    location. Analysts found servers in Germany, Vietnam, Turkey, Italy and
    elsewhere, but haven't located the main server.

    White House National Security Council spokeswoman Caitlin Hayden
    declined to comment on Iranian accusations of U.S. involvement.

    Analysts suspected Israel and the U.S. to be behind Stuxnet, but the
    link hasn't been confirmed. U.S. officials have declined to comment on
    Stuxnet's origins, but former U.S. officials said they regard it as a
    joint effort between the U.S. and Israel. That virus infected computers
    in several countries but was written to only sabotage specific systems
    in Iran, they said.

    Stuxnet's purpose differed considerably from the apparent aim of Flame.
    Stuxnet was designed to damage computerized control systems running
    nuclear centrifuges, while Flame appears to have been designed for
    high-end targeted espionage. Researchers haven't found evidence of any
    damage to systems caused by Flame.

    Israel has neither confirmed nor denied being involved with Stuxnet.

    On Tuesday, Deputy Prime Minister Moshe Ya'Alon hinted that the country
    may be involved in Flame, saying in an interview with Army Radio,
    "Anyone who sees the Iranian threat as a significant threat—it's
    reasonable [to assume] that he will take various steps, including these,
    to harm it."

    U.S. officials draw a distinction between cyber espionage and
    cyberattacks, which have a destructive or manipulative purpose and could
    be considered an act of war.

    "We have strong beliefs that there are nations behind this malware. We
    assume it's related to the regimes and political situation in the Middle
    East," said Vitaly Kamluk, the chief malware expert for Kaspersky Lab.

    Independent experts have been on the virus's trail for about a month.
    The International Telecommunications Union, the special agency at the
    United Nations that coordinates cybersecurity efforts, approached
    Kaspersky Lab in late April to investigate a series of incidents tied to
    a malware program known as Wiper. In the process of that investigation,
    the experts discovered Flame.

    Iran's Supreme Leader Ayatollah Ali Khamenei has called the Internet a
    threat to national security and a dangerous double-edged knife that has
    benefits as well as risks.

    Since 2009, Mr. Khamenei has instructed security forces to train and
    form units to battle cyberattacks to curb the influence of social-media

    In March, Mr. Khamenei issued a decree ordering the creation of the
    Supreme Council of Cyberspace, a committee consisting of high-level
    military and intelligence officials tasked with supervising cyber
    activity and warfare.
    Virus Guy, May 30, 2012