Update: The United Nations is sending out a warning to member countries about cyberwar tool Flame.
Iran has confirmed the presence of a new and highly complex piece of malware targeted at Middle Eastern countries. The virus, called Flame, is said to be as worrisome as Stuxnet, which plagued Iranian nuclear systems in 2010.
“This malware is a platform which is capable of receiving and installing various modules for different goals,” Iran’s CERTCC said in a blog post. “The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat.”
Iran says that it has created an anti-virus tool that can detect Flame, as well as a removal tool, which is being distributed.
The New York Times is reporting that this virus has hit high-ranking Iranian officials. Russian security company Kaspersky Lab first unveiled the virus yesterday, saying it was one of the most complex cyberwar tools it has ever seen. It may have been running unchecked for at least two years, and was attacking a number of household computers around the Middle East. The firm found Flame while researching another virus called Viper, which was deleting hard drives in the Middle East and recently caused Iran to shut down Internet access to its oil infrastructure.
The United Nations is sending out a warning about Flame to its member countries agreeing that it may be a state-sponsored attack, according to news site Aljazeera.
“This is the most serious [cyber] warning we have ever put out,” said UN cyber security coordinator Marco Obiso, cyber security told Aljazeera.
Flame has the ability to turn on a computer’s microphone and record audio of conversations happening around the computer. It can listen for when you open up “interesting” communications programs, such as an instant message box, and take screenshots to record the conversation. It can also watch for your keystrokes, and listen in on your network, all the while sending this information back to its many command and control servers.
Both Iran’s CERT and Kaspersky note that it is similar to Stuxnet, a state-sponsored virus that was used to attack infrastructure that provided fuel to Iran’s nuclear program. Flame does not attack these types of systems, or SCADA systems. However, Kaspersky believes that like Stuxnet, Flame is a state-sponsored attack, and according to the New York Times, Israel may be hinting its involvement.
“Anyone who sees the Iranian threat as a significant threat, it’s reasonable that he will take various steps, including these, to harm it,” said Moshe Yaalon, Israel’s vice prime minister and strategic affairs minister, on Army Radio Tuesday. “Israel was blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us.”