Researchers Identify 'Most Sophisticated Cyber Weapon Yet'

Hundreds of computers located in the Middle East have been infected by a highly complex virus called "Flame," according to security researchers at Kaspersky Lab.

According to a blog post published by the company, the malware has been running rampant over the past two years, stealing personal data and spying on users' online activities. The virus, which was called Flame after researchers discovered this name in its source code, is a relative of the Stuxnet and Duqu worms.

"Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar 'super-weapons' currently deployed in the Middle East by unknown perpetrators," wrote Kaspersky Lab's Alexander Gostev.

According to the security firm, Flame is actually an attack toolkit that hackers could use to pull off many different types of data thefts and privacy breaches. Kaspersky Lab also said that this malware is unique in that the programming language LUA was used to write some of the code -- a language usually reserved for video game development. 

Flame could be used for data theft, but Kaspersky Lab indicated that it has only been observed being used to secretly monitor infected users. Its actions include intercepting Skype calls, recording screen grabs and accessing data from cell phones connected via Bluetooth.

The security firm started researching the virus after the United Nations' International Telecommunication Union asked for its assistance. At the time, Flame was considered to be an unknown worm.

Since the majority of infected systems are in Iran, many have speculated about the possible political nature of the malware, with some suggesting that the attack originated from Israel. Speaking on the possible connection to Flame, Israeli Vice Premier Moshe Yaalon neither confirmed nor denied his country's involvement.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," said Yaalon on Army Radio. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

The possibility of state-sponsored malware being unleashed got lots of attention with Duqu and Stuxnet, almost as a "new" phenomenon. However, Marcus Carey, security researcher at Rapid7, said he believes that there is nothing new with Flame. While Kaspersky Lab was quick to label it the "most sophisticated cyber weapon yet unleashed," he said this is an overreaction.

"None of the methods of this malware are particularly new," said Carey in an e-mailed comment. "I've seen an emphasis on LUA being something that makes this exploit kit something new, but the fact is that penetration testers have been using tools that heavily leverage the LUA programming language for the last couple of years."


About the Author

Chris Paoli is the site producer for and

