Researchers Identify 'Most Sophisticated Cyber Weapon Yet'

Hundreds of computers located in the Middle East have been infected by a highly complex virus called "Flame," according to security researchers at Kaspersky Lab.

According to a blog post published by the company, the malware has been running rampant over the past two years, stealing personal data and spying on users' online activities. The virus, which was called Flame after researchers discovered this name in its source code, is a relative of the Stuxnet and Duqu worms.

"Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar 'super-weapons' currently deployed in the Middle East by unknown perpetrators," wrote
Kaspersky Lab's Alexander Gostev.

According to the security firm, Flame is actually an attack toolkit that hackers could use to pull off many different types of data thefts and privacy breaches. Kaspersky Lab also said that this malware is unique in that the programming language LUA was used to write some of the code -- a language usually reserved for video game development. 

Flame could be used for data theft, but Kaspersky Lab indicated that it's only been seen utilized for secretly monitoring infected users. Its actions include intercepting Skype calls, recording screen grabs and accessing cell phone data connected via Bluetooth.

The security firm started researching the virus after the United Nations' International Telecommunication Union asked for its assistance. At the time, Flame was considered to be an unknown worm.

Since the majority of infected systems are in Iran, many have speculated about the possible political nature of the malware, with many suggesting that the attack originated from Israel. Speaking on the possible connection to Flame, Israeli Vice Premier Moshe Yaalon neither confirmed or denied his country's involvement.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," said Yaalon on Army Radio. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

The possibility of state-sponsored malware being unleashed got lots of attention with Duqu and Stuxnet, almost as a "new" phenomenon. However, Marcus Carey, security researcher at Rapid7, said he believes that there is nothing new with Flame. While Kaspersky Lab was quick to label it the "most sophisticated cyber weapon yet unleashed," he said this is an overreaction.

"None of the methods of this malware are particularly new," said Carey in an e-mailed comment. "I've seen an emphasis on LUA being something that makes this exploit kit something new, but the fact is that penetration testers have been using tools that heavily leverage the LUA programming language for the last couple of years."


About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube