Kaspersky Lab says 'Flame' virus is part of secret cyber war

posted 29 May 2012, 07:11 by Mpelembe   [ updated 29 May 2012, 07:20 ]

Chief malware expert for Russia's Kaspersky Lab says it has taken two years to uncover the new massive 'Flame' virus, part of an invisible cyber war, and that so far there is not enough evidence to figure out who created it.

MOSCOW, RUSSIA (MAY 29, 2012) (REUTERS) - Kaspersky Lab chief malware expert Vitaly Kamluk said on Tuesday (May 29) that the newly-discovered, sophisticated "Flame" computer virus is part of secret cyber warfare likely between nations.

The Russian cyber security software maker claimed responsibility on Monday (May 28) for discovering the virus that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage in Iran and other Middle Eastern countries.

Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.

"It took us some time to analyse the code. We didn't understand what we found because we were looking for mysterious application responsible for the wiping of computer systems, so we found it, and then it took us a couple of weeks to reverse engineer part of its code, because it's really huge in size. It may take up to a year to do a full analysis of this code, to do a full coverage," Kamluk told Reuters.

According to Kamluk, evidence suggests that the virus may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010. Cyber security experts said the discovery publicly demonstrates what experts privy to classified information have long known: that nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.

"We think that this is one of the rare examples of (a) cyber weapon, and it actually illustrates the fact that there are some cyber warfare operations going on there secretly. One of the key features of cyber warfare as we define it's completely, complete, secretness, so nobody knows about the cyber warfare going on, it's one of the main features. Otherwise, its some of the operations would not be probably so successful," Kamluk said.

The question of who built Flame is sure to become a hot topic in the security community as well as the diplomatic world. Kaspersky experts say they have yet to determine whether Flame had a specific mission like Stuxnet, and Kamluk declined to say who he thought built it.

"There is currently no strict evidence pointing to a specific country or even a region that might be related to the development or the development of this cyber attack," Kamluk said, but he said it was likely commissioned by a government because of its size and complexity.

Iran has accused the United States and Israel of deploying Stuxnet, and Kaspersky Lab said it discovered Flame after a U.N. telecommunications agency asked it to analyse data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.

"It took about two years actually, to catch this malware, because our estimation is that it was created somewhere in 2010, at least in 2010, and the reasons why it was not detected since then, there are quite a few reasons - first of all it is quite a limited number of users that were infected," he said.

Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.

Some experts suspect the United States and Israel of building Stuxnet and another virus, Duqu, a view that was laid out in a January 2011 New York Times report that said it came from a joint program begun around 2004 to undermine what they say are Iran's efforts to build a bomb.