‘One of the Most Complex Threats Ever Discovered’: New Cyber Weapon Found in Iran
- Posted on May 28, 2012 at 5:15pm by Liz Klimas

Areas where the new, complex virus "Flame" has been discovered. (Image: Kaspersky Labs via Wired)
A new computer virus that appears to have been deployed five years ago was recently discovered in Iran and cyber security experts suggest it could have been built by the same entities that ordered the 2010 Stuxnet attack, according to Reuters.
The presence of the virus — dubbed “Flame” — was announced by the Russian-based Kaspersky Labs on Monday. Reuters reports the security software firm has not said whether the cyber weapon was deployed with a specific mission like that of the Stuxnet worm, which is suspected to have been launched to help take down Iran’s nuclear infrastructure.
Comparing Flame to Stuxnet, Reuters reports that experts found the virus has 20 times more code. Compared to most computer viruses that steal financial information, Flame has 100 times more code. Kaspersky Labs found it exploits a vulnerability in Windows, like Stuxnet. BBC reports that this newly discovered virus is being called “one of the most complex threats ever discovered.” Here are a few more of the details being reported about the virus from Reuters:
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, [Kaspersky Lab senior researcher Roel] Schouwenberg said.
Wired reports Chief Security Expert at Kaspersky Alexander Gostev saying it could take 10 years to completely understand how Flame works. While Stuxnet was 500 kilobytes, Flame is 20 megabytes. Here’s more from Wired on the virus:
“It was obvious DuQu was from the same source as Stuxnet. But no matter how much we looked for similarities [in Flame], there are zero similarities,” Gostev said. “Everything is completely different, with the exception of two specific things.”
One of these is an interesting export function in both Stuxnet and Flame, which may turn out to link the two pieces of malware upon further analysis, Gostev said. The export function allows the malware to be executed on the system.
Also, like Stuxnet, Flame has the ability to spread by infecting USB sticks using the autorun and .lnk vulnerabilities that Stuxnet used. It also uses the same print spooler vulnerability that Stuxnet used to spread to computers on a local network. This suggests that the authors of Flame may have had access to the same menu of exploits that the creators of Stuxnet used.
Aside from the discovery alone, Reuters reports this find further proves that countries are using cyberwarfare to protect or promote their own security:
“This is one of many, many campaigns that happen all the time and never make it into the public domain,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs.
A cyber security agency in Iran said on its website on Monday that Flame bore a “close relation” to Stuxnet, the notorious computer worm that attacked that country’s nuclear program in 2010 and is the first publicly known example of a cyber weapon.
It is speculated that this virus could be related to a more recent attack on computer systems controlling Iran’s oil in Tehran. The late April cyber attack resulted in a complete disconnect of the main export terminal, although it was quickly restored.
(Related: Iran oil back online after another cyber attack that forced disconnect)
According to Reuters the virus is “poised to go down in history as the third major cyber weapon uncovered after Stuxnet and its data-stealing cousin Duqu.” Reuters reports Hungarian researcher Boldizsar Bencsath as saying it is unnerving for the present and future given this virus, which could have been active five to eight years ago, is only just being discovered:
“The scary thing for me is: if this is what they were capable of five years ago, I can only think what they are developing now,” said Mohan Koo, managing director of British-based Dtex Systems cyber security company.
In addition to being found in systems in Iran, Reuters reports the virus has also been seen in Israel, Palestinian territories, Sudan and Syria. It is estimated that more than 1,000 machines are infected with Flame.
So far, neither Kaspersky Labs nor any U.S. entities have commented on who may have designed the virus.
Read more details on the virus in Wired’s report here.



















WHISKY13
Posted on May 29, 2012 at 4:05pm
keep it simple, Iran is the primary target here, like with Stuxnet. Better virus than more bogus pr meetings, and ineffective sanctions, or more American blood and treasure.
Either US or Israel responsible, or combined effort. Hope it puts a big dent in Iran’s Nuke (weapons) efforts.
spfoam1
Posted on May 29, 2012 at 12:26pm
5 years old and they are just now discovering it. LMAO. The Iranians should be very worried about pushing any button that launches a missile at anyone. For all they know their missiles will all make a u-turn and fly right back up the arse it came from. Iran may as well assume that everything they have is infected by more than one virus.
searching for the Truth
Posted on May 29, 2012 at 11:11am
To hand over the internet to the UN would be suicide because the UN is completely controlled by Israel’s enemies.
marybethelizabeth
Posted on May 28, 2012 at 8:09pm
Two articles today on “The Iranian Threat”, both of which turn out to be no threat at all.
Whose agenda is theblaze promoting with this propaganda?
ICanComment
Posted on May 28, 2012 at 9:23pm
@MaryBethElizabeth
I’m continually surprised by the number of people who read a headline, skim over an article, and then either knowingly comment incorrectly, or jump to an incorrect conclusion without much apparent effort.
Please read the article again. “Found in Iran” does not mean “originated from Iran.” In fact, the article seems to insinuate that the “virus” (Trojan horse?) may have originated from the same authors of Stuxnet, which targeted Iran’s nuclear program specifically.
Propaganda? Heck, all of the news is written by human beings, so it’s all biased. This article, however, is on the low end of the bias scale, besides the headline. (My opinion, of course, but that goes without saying, given that this is the comments section.)
I always wonder why people who don’t seem to care for the Blaze comment so much on the articles here. If you don’t like it, why are you here? I don’t like HuffPo, so why would I go there and read articles, let alone comment there? Could it be… that you have an agenda?
marybethelizabeth
Posted on May 28, 2012 at 10:34pm
So you understand what I am saying.
That is the reason that I said the claims made in the headlines for both stories today were unfounded.
The propaganda is in the headlines.
The truth NOT theblaze.
loriann12
Posted on May 29, 2012 at 6:19am
You didn’t answer the question…just answer the question: Why are you here if all you ever do is criticize? I have a blog and the only comments I ever received were on an internet story I put up, not on any of my unveiling of facts. You have to complain about a headline? And you don’t get the distinction between coming from and discovered in? Sounded to me like someone was trying to give Iran a virus, not Iran was threatening the world. I would call that balanced reporting.
Amos37
Posted on May 29, 2012 at 7:38am
Have you never read Ezekiel 38 or 39? It explains how Iran, Russia, and China will come against Israel in the final world war. Don’t you see the spiritual aspect of all this? Iran believes we are the big Satan and Israel is the little Satan, so they will do whatever they can to destroy us, especially if they can do it from the inside. Their god hates the True God because he wants to promote lawlessness. Wake up.
marybethelizabeth
Posted on May 29, 2012 at 7:45am
“Just answer the question?” Your imitation of Sean Hannity and Bill O’Reilly is spot on.
I heard Mr. Beck say once that theblaze was 40% criticism of him. I know he’s thin skinned but that’s overstated by a factor of 10. I’m just trying to prove him right for maybe the only time in his life.
Balanced reporting isn’t double speak. The story is intentionally misleading.
Clownshoes
Posted on May 29, 2012 at 8:35am
I have to say is that the pic you use MaryE as your avatar is just what I envision you to look like… a mutant little troll.
kathleenlee
Posted on May 29, 2012 at 9:14am
when you learn a little more by reading and education…feel free to comment…until then, we really don’t care what you have to say. The article which insinuates the virus was made and delivered to Iran should give you a clue as to who might have dispersed it…hmmmm!!! with obuma as president, we can assume it is not him…but, Bibi is a different story altogether. A country surrounded by people who want to kill them. One of the best friends America has ever had…hmmmm!!!! But I believe that obama is a calculating enemy of Israel, and of America! Your statement only goes to show how the Dept. of Education has failed our children, rewritten history the way their progressive communists counterparts want it. It is time to wake up. America is in real danger. If you don’t understand that, I pity the life your children will have. you really need to read real history…history in their own words…not some candy coated pack of lies that, over time makes you believe that you’re right, when you are clearly wrong. tsk tsk tsk
JRook
Posted on May 29, 2012 at 10:54am
Perhaps the bigger threat lies in why MS Windows still trails Mac OS in terms of vulnerabilities. Something that has been identified and of concern since Windows was first introduced. So we should ask why Microsoft has not significantly reduced the weaknesses in its operating systems. But when you focus more on marketing and buttressing your virus protection partners than technology that’s exactly what you get.
The-Monk
Posted on May 29, 2012 at 2:40pm
@JRook
The purpose of Malware is to hit as many computers as possible. Since Microsoft has had the greatest share (over 90%) of operating systems in the World for many years, Malware programmers don’t waste time on less than 10% of the other operating systems.
As Mac OS and Linux become more popular the Malware programmers will write viruses for them. If you check out Anti-virus vendors you will see they are now offering Malware protection for Mac OS.
It’s all about getting the most bang for the buck. These programmers are not cheap.
The-Monk
Posted on May 29, 2012 at 2:44pm
@marybethelizabeth
I now know why your avatar is always “red faced”. It’s the embarrassment you feel for the things you post.
socialism.rocks
Posted on May 28, 2012 at 6:44pm
lmao all chips can be coded… a virus is just a diversion-
why do you think intel started making chips in israel
floating point <code
polymorphism.. is okay for rootkits-flame-
software and even hardware based – r{44ff/n gerples efg
MrObvious
Posted on May 28, 2012 at 8:42pm
Viruses need entry points. That’s why Windows is the primary target. It’s so full of entry points, that the millions of viruses out there can feel right at home together. Linux/Mac are not so easy. Even the recent Java based virus didn’t last long – and it was just one. Linux/Mac are just not nearly as inviting as Windows. Nothing is perfect; but, only one major OS maker has a history of infection that massive. Even if one goes by market percentage, MS’s share of viruses dwarfs all others combined, by several orders of magnitude.
loriann12
Posted on May 29, 2012 at 6:22am
Stupid me was using the virus protection that came with my computer (Microsoft). I started getting instances where my window would shut and what looked like Microsoft virus protection would flash up saying I had an unusually high number (usually over 700) viruses and needed to have them removed. The first time, I clicked ok, and it wanted me to install something. Uhh, no. closed it out, after clicking I was sure I wanted to close it a couple of times, and ran the virus protection independently to find a trojan virus that was a fake virus alert. I went and bought a virus protection, and had 3 of the trojans plus 802 tracking cookies or spyware.
lketchum
Posted on May 29, 2012 at 6:30am
@MrObvious
I don’t intend to be mean, but MrObvious, your comment has to be among the most idiotic I have ever read.
The *Nix are fully ten years behind Windows in the context of security, and that is a very conservative estimate. Even Google’s much noted Chrome browser and its “Sandbox”, does nothing but make use of Microsoft’s “Secured Objects Framework”, which includes a brokering agent, the UIPI. The entire platform is so difficult to crack into that researchers continue to marvel at how robust it is. The *nix, including Mac OS X, remain very easy to penetrate and exploit so deeply, that users have no idea they are rooted. If you have the capacity, I can debate you, or any other party on these matters, but for the love of all things computing, stop with the Linux/Mac are more secure nonsense.
DoomsdayProphet
Posted on May 29, 2012 at 7:29am
simple way to avoid viruses: do not download anything. Virus software free trials put harmless virus on your system so you buy their program. I have not nor will I run virus software. never had a problem unless i downloaded something i wanted but knew i shouldn’t get.
The biggest threat to anyone’s security on the internet is the US federal government. Who is handing it to the UN so they can come into the US and arrest its citizens for breaking their laws.
MAMMY_NUNN
Posted on May 29, 2012 at 9:47am
Just a clean install of Windows will get you a virus and spyware. Who will be in charge of issuing Certificates of Authentication for new hardware and chips ? Microsoft can you spell Monopoly
Ghandi was a Republican
Posted on May 28, 2012 at 6:35pm
Why not– Obama has downloaded all our military and infrastructure secrets years ago. This one is to disrupt our elections and/or delete opposition votes. None of this is mysterious.. anymore!
freelancer91
Posted on May 28, 2012 at 6:35pm
I think that the author of Stuxnet deserves a Nobel Peace Prize. Certainly more than Obama, who hadn’t done anything at the time and has since implemented an assassination czar. The Stuxnet worm set back Iranian progress on a bomb by years.
Also, while 20meg is very large for a virus, this would also presumably make it extremely difficult to reverse engineer. If it manages to metastasize the way stuxnet did, it will be all the more impressive.
KidCharlemagne
Posted on May 28, 2012 at 6:20pm
“While Stuxnet was 500 kilobytes, Flame is 20 megabytes.”
===============================================
20 Megabytes???????…………that is friggin’ huge! That’s about as brilliant as trying to hide an elephant inside a hotel room…
Typically, common sense dictates that the smaller your malware is, then the easier it is to conceal….
Obviously, the author of ‘flame’ is a complete dufus……it’s either that or The Blaze has started ripping off stories from The Onion now (LOL)
XIIHICKSIIX
Posted on May 29, 2012 at 4:14am
20 megs and just now finding it.. Who’s the duf?
NOBALONEY
Posted on May 28, 2012 at 6:13pm
Does the CDC have a shot for the Flame?
HeisIAM
Posted on May 28, 2012 at 5:40pm
So Iraq and Jordan are not infected? Very interesting…
chips1
Posted on May 28, 2012 at 5:39pm
All of our knowledge is contained on computers. You can’t even buy a candybar at 7-11 unless the computer cash register tells the employee how much it costs including tax. Scientists, studying ancient Egypt can’t even figure out how the pyramids were built or how the Ancients knew so much about the stars. Where did all of the knowledge go? Is there a point where only a certain amount of knowledge is permitted and then civilization is compelled to start over? The pursuit of knowledge is the reason Adam and Eve lost Paradise. Here it comes, folks. Ready to start over. Maybe one of these times, we can get it right.
HeisIAM
Posted on May 28, 2012 at 5:43pm
Not to mention indoor plumbing in the Indus river valley prior to 2000bc
kindling
Posted on May 28, 2012 at 5:35pm
Play with fire…get burned by the flame.
Darmok and Jalad at Tanagra
Posted on May 28, 2012 at 5:45pm
Maybe they need to rename it “The Blaze”.
AUsername
Posted on May 28, 2012 at 5:30pm
More Neo Con and Zionist war propaganda to attack harmless Iran.
soybomb315
Posted on May 28, 2012 at 5:38pm
quick – someone call Colin Powell
burnbabylon
Posted on May 28, 2012 at 6:37pm
Re-read the article. It doesn’t sound like “he who smelt it dealt it.”
ICanComment
Posted on May 28, 2012 at 9:30pm
@AUSERNAME
I’ll say the same thing to you that I said to a user named MaryBethElizabeth. (Oddly enough, your messages read very similarly. Gee, I wonder why?)
I’m continually surprised by the number of people who read a headline, skim over an article, and then either knowingly comment incorrectly, or jump to an incorrect conclusion without much apparent effort.
Please read the article again (or for the first time). “Found in Iran” does not mean “originated from Iran.” In fact, the article seems to insinuate that the “virus” (Trojan horse?) may have originated from the same authors of Stuxnet, which targeted Iran’s nuclear program specifically.
Propaganda? Heck, all of the news is written by human beings, so it’s all biased. This article, however, is on the low end of the bias scale, besides the headline. (My opinion, of course, but that goes without saying, given that this is the comments section.)
I always wonder why people who don’t seem to care for the Blaze comment so much on the articles here. If you don’t like it, why are you here? I don’t like HuffPo, so why would I go there and read articles, let alone comment there? That would be trolling, it would seem. Could it be… that you have an agenda? If you don’t like The Blaze and you think it’s Neocon propaganda, don’t you have better things to be doing than trying to purposely torque people off? Go read news that you like, or find some other edifying activity.
Walkabout
Posted on May 29, 2012 at 10:18am
Colin Powell says that “if we break it we own it”. That means nation building. That means leftist ‘terd’ antiwar protesting.
But if we can’t overthrow the government of a nation that attacks us or harbors those that do, then what can we do?
Throw a couple cruise missiles like the reprobate Bill Clinton. That achieved what?
“The August 1998 bombings of Afghanistan and Sudan (codenamed Operation Infinite Reach by the United States) were American cruise missile strikes on terrorist bases in Afghanistan and a pharmaceutical factory in Sudan on August 20, 1998. The attack was in retaliation for the bombings of American embassies in Kenya and Tanzania which killed 224 people (including 12 Americans) and injured 5,000 others.”
Then Al Qaeda kept training terrorists & bombed the USS Cole in 2000 & 911 in 2011.
Ya the Democrap/Clinton’s approach worked!
If we take out the Taliban & then rebuild so that they cannot retake Afghanistan, then the Demoncats call out their goon squad, the antiwar protesters & OWS.
soybomb315
Posted on May 28, 2012 at 5:26pm
computer virus using 5 year old technology? I can’t even get my 5 year old computer to turn on anymore – you telling me that virus still works?
chips1
Posted on May 28, 2012 at 5:54pm
SOY:
At least Mine has a yellow light that comes on, but it doesn’t do anything else. It’s been sitting in the same place for 7 years. Gateway wouldn’t help me and then the store went out of business.
Walkabout
Posted on May 29, 2012 at 10:45am
A computer is nothing more than a machine (to state the obvious) & if you conduct proper maintenance, it will last a long time.
Darmok and Jalad at Tanagra
Posted on May 28, 2012 at 5:24pm
Yaaaa, whatever, Romney bullied someone in highschool. Republicans want a war on women. Birthers are crazy. Malia went to a concert. Facebook went public.
Come on people, let’s stick to the really important things, like who won American Idol, and what Romney did back in High School. And did I mention Facebook went public? Take the blue pill and go back to sleep, all is well.
tharpdevenport
Posted on May 29, 2012 at 2:09pm
Why, back in my day the pill was purple and had words pressed into it. And we had to walk 50 miles in the snow to get one. You could get one for $0.05 cents, out of a quarter, and still have enough to get soda pop and take in a motion picture!