BOSTON: Security experts have discovered a highly sophisticated computer virus in Iran and the Middle East that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage.
Iranian officials have acknowledged that the sophisticated virus has infected computers across the country and, echoing the conclusions of security researchers, suggested that the malicious code is related to the virus that damaged centrifuges in an Iranian nuclear facility two years ago.
In a statement, Iran’s National Computer Emergency Response Team said that “investigations during the last few months” had resulted in the detection of the virus, which has been dubbed Flame and is capable of stealing data from infected computers.
“It seems there is a close relation to the Stuxnet and Duqu targeted attacks,” the statement said, referring to two other viruses. Stuxnet damaged hundreds of centrifuges at the Natanz nuclear plant. Duqu, like Flame, was apparently built for espionage but shared characteristics with Stuxnet.
The Iranians also said they had developed tools to detect and remove Flame from infected computers.
Iran has in the past blamed Israel and the United States for creating Stuxnet, but there has been no proof of authorship.
Kaspersky researchers said they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it.
Iran has accused the United States and Israel of deploying Stuxnet.
Cyber security experts said the discovery provides new evidence to the public to show what experts privy to classified information have long known: that nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.
“This is one of many, many campaigns that happen all the time and never make it into the public domain,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs.
Experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security who have spent weeks studying Flame said they have yet to find any evidence that it can attack infrastructure, delete data or inflict other physical damage.
Yet they said they are in the early stages of their investigations and that they may discover other purposes beyond data theft. It took researchers months to determine the key mysteries behind Stuxnet, including the purpose of modules used to attack a uranium enrichment facility at Natanz, Iran.
“Their initial research suggest that this was probably written by the authors of Stuxnet for covert intelligence collection,” said John Bumgarner, a cyber warfare expert with the non-profit US Cyber Consequences Unit think tank.
Flame appears poised to go down in history as the third major cyber weapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats. Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
A US Defense Department spokesman, David Oten, refused to comment on Flame, saying it may take “some time.”
FROM: AGENCIES
Tehran acknowledges Flame virus has infected computers
