You have commented 339 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
Science & Technology
'Most sophisticated cyber virus ever' hits West Bank computers
2012-05-29
More on the 'Flame' virus, and a hat tip to Legal Insurrection...
A new, unprecedented computer virus called "Flame" (or "sKyWIper") has hit Iran, the West Bank, and other Middle Eastern locations. It is already considered one of the most sophisticated cyber weapons ever unleashed. Internet security company Kaspersky said Monday that Flame was the "most complex piece of malicious software discovered to date."

The cyber-espionage worm, designed to collect and delete sensitive information, is said to have 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility (and some 16,000 computers), causing centrifuges to fail. Iran blamed Israel and the US for its creation.

Flame is also believed to contain an element that was used in Stuxnet. Kaspersky said the Flame malware may have been lurking inside thousands of computers across the Middle East for between five and eight years. The creator of the virus is not yet known.

The Laboratory of Cryptography and System Security (CrySyS Lab), affiliated with Budapest University, said the analysis on the virus is still limited in scope, but that the virus is a complex "info-stealer... with large components."

Flame is the third cyber weapon uncovered recently, after Stuxnet and Duqu (named after a Star Wars villain).

The country with the largest number of machines infected by Flame is believed to be Iran, following by the West Bank, and Sudan and Syria after that. Lebanon, Saudi Arabia, and Egypt have also been affected.

From the Telegraph:

Crysys Lab, which analyses computer viruses at Budapest University. said the technical evidence for a link between Flame and Stuxnet or Duqu was inconclusive.
The newly-discovered virus does not spread itself automatically but only when hidden controllers allow it.

Unprecedented layers of software allow Flame to penetrate remote computer networks undetected.

The file, which infects Microsoft Windows computers, has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more. Components enable those behind it, who use a network of rapidly-shifting "command and control" servers to direct the virus, to turn microphone into listening devices, siphon off documents and log keystrokes.

Eugene Kaspersky, the founder of Kaspersky Lab, noted that "it took us 6 months to analyse Stuxnet. [This] is 20 times more complicated".

Once a machine is infected additional modules can be added to the system allowing the machine to undertake specific tracking projects.
Posted by:Steve White

#6  Too bad we can't use this thing on the NYT to find out who their sources are inside the CIA. I'd love to string a bunch of them up by their thumbs on the Capitol Mall.
Posted by: Bill Clinton   2012-05-29 17:58  

#5  Using pirated software to run computers usually means the company with the copyright and patents probably won't be answering your service calls when your computer hiccups.
Posted by: Procopius2k   2012-05-29 13:51  

#4  The Debka people claim the Flame virus has also hit Israeli computers...

Cyber experts rate “Flame,” which has been around for five years, as one of the common or garden viruses affecting computers in many places, Israel and Iran included. It is not in the same class as Stuxnet, the only malworm that seriously disrupted Iran’s nuclear facilities in 2009 until it too was overcome.  DEBKAfile: Since then, cyber warfare has moved onto a higher plane as was discovered when Chinese experts downed the US RQ-170 spy drone over Iran in December 2011.

An interesting statement, it seems to me in my ignorance.
Posted by: trailing wife   2012-05-29 12:39  

#3  By targeting limited individuals, it also seems to link those in Iran to Syria and the West Bank. It even turns on the microphone remotely to listen in--GOTCHA!!!! :D
Posted by: Omoluque Hapsburg8162   2012-05-29 12:09  

#2  from Fox: Vitaly Kamluk, chief malware expert for Kaspersky Labs, said there were many pointers to it being a weapon, not the least of which was how highly-targeted it was. According to their investigations, only 382 infections have been reported, 189 of which were in Iran, and the malware targeted individuals rather than organizations.

Kamluk said the malware was most likely introduced by a USB stick or other removable drive. Once injected, the malware would contact one of the many command and control servers around the world and download additional modules as needed."Unlike Stuxnet," said Kamluk, "[Flame] was much more sophisticated and not simply trying to infect every machine." He said the malware was also able to find out information about other devices around it.

Sure hope it was us...

Posted by: Omoluque Hapsburg8162   2012-05-29 12:00  

#1  They should have known better than to surf the pr0n sites from their work computers...
Posted by: Glenmore   2012-05-29 08:30  

00:00