Rediff.com

New data stealing virus hits West Asia

May 29, 2012 14:19 IST

An unprecedented "cyber espionage worm", considered the most sophisticated spyware virus yet unleashed and attributed to a "state player", has hit Iran and other West Asian countries with the possible goal of foiling Tehran's nuclear ambitions.

Security experts discovered the new data-stealing virus dubbed Flame, which they say has lurked inside thousands of computers across West Asia for as long as five years as part of a sophisticated cyber warfare campaign.

Russia-based Internet security company Kaspersky Lab, which uncovered the 'Flame' virus, said it is designed to collect and delete sensitive information.

Kaspersky, one of the world's biggest producers of anti-virus software, said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

Flame is "actively being used as a cyber weapon attacking entities in several countries," Kaspersky said in a statement, describing its purpose as "cyber espionage".

"The complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date," the statement said.

The Internet security company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.

On its blog, Kaspersky called Flame a "sophisticated attack toolkit," adding that it was much more complex than Duqu, the vehicle used to deliver Stuxnet.

The Stuxnet bug, discovered in June 2010, targeted primarily Iranian computers.

Iran admitted that the worm had damaged centrifuges operating at a uranium enrichment facility at Natanz.

Kaspersky's chief malware expert Vitaly Kamluk told the BBC that more than 600 specific targets had been hit by Flame, including computers owned by individuals, businesses, academic institutions and government systems.

Kamluk said he believed the malware had been operating at least since August 2010, and probably earlier, adding that there was "no doubt" that it was developed by a "state actor".

Israel has described Iran's nuclear programme as an "existential threat", vowing to use all "options on the table" to foil it.

Symantec, another Internet security firm, was quoted by daily Ha'aretz as saying on its blog that the bug's code was on par with that of Stuxnet and Duqu, which it described as "arguably the two most complex pieces of malware we have analysed to date."

It also said that certain file names in Flame were identical to those described in a hacking incident in April involving the Iranian oil ministry.

The worm had been operating discreetly for at least two years and was likely written by "an organized, well-funded group of people working to a clear set of directives," the firm stressed.

Symantec said the virus had also been found in computers in Hungary, Austria, Russia, Hong Kong and the United Arab Emirates.

© Copyright 2024 PTI. All rights reserved. Republication or redistribution of PTI content, including by framing or similar means, is expressly prohibited without the prior written consent.