“Flame”, the world's most complex computer virus, which possesses a range of espionage capabilities including the ability to secretly record conversations, has been exposed, and its target is now the Middle East, after the USA attack on China. For that reason, Iran has ordered an official review of this software.
Experts said the malicious software was 20 times more powerful than other known cyber warfare programs, including the “Stuxnet” virus, and could only have been created by a state.
It is the third cyber attack in recent years on Iran and other Middle East countries, aimed at learning about their recent nuclear programmes, and it forms part of an organized effort to carry out sabotage using cyber warfare, or of a conspiracy to kill the nuclear scientists as well.
Previously, “Stuxnet” attacked Iran's nuclear program in 2010, while a related program, “Duqu”, named after the Star Wars villain, stole data.
“Flame” can gather data files, remotely change settings on computers, turn on computer microphones to record conversations, take screenshots and copy instant messaging chats.
The virus was discovered by a Russian security company that specializes in malicious computer code. The company made the 20 gigabyte virus available to other researchers, claiming that it did not fully understand its scope, and said its code was 100 times the size of the most malicious software.
Kaspersky Labs said the program appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. "If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don't know about," Roel Schouwenberg, a senior security researcher at Kaspersky, said.
Prof Alan Woodward, from the Department of Computing at the University of Surrey, commented that this invasive virus could "vacuum up" information by copying keyboard strokes and the voices of people nearby. "This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time," he said.
The virus contains about 20 times as much code as “Stuxnet”, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail.
Mr Schouwenberg said there was evidence in the code to suggest that the nation behind “Flame” was the same one that made “Stuxnet” and “Duqu”. Iran's computer emergency response team said it was "a close relation" of “Stuxnet”, which has itself been linked to “Duqu”, another complicated information-stealing virus which is believed to be the work of state intelligence. It said organizations had been given software to detect and remove the discovered virus at the beginning of this month.
CrySyS Lab, which analyses computer viruses at Budapest University, said the technical evidence for a link between “Flame” and “Stuxnet” or “Duqu” was inconclusive, and that “Flame” does not spread itself automatically, but only when hidden controllers allow it. The file, which infects Microsoft Windows computers, has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more. Those behind it use a network of rapidly-shifting "command and control" servers to direct the virus, and its components enable them to turn microphones into listening devices, siphon off documents and log keystrokes.
Eugene Kaspersky, the founder of Kaspersky Lab, noted that "it took us six months to analyse “Stuxnet”. This is 20 times more complicated".
Once a machine is infected, additional modules can be added to the system, allowing the machine to undertake specific tracking projects.