29th May, 2012
"Flame", A Complex And Advanced Cyber-Attack Malware, Plagues Middle-East Govts
Worm steals sensitive data from government and university servers; said to be deadlier than Stuxnet.
Government computers in the Middle-East are facing one of the most complex cyber-attacks in recent history, known as Flame. Kaspersky Labs has reported that this malware has been operational since August 2010, and has been collecting private data from countries including Israel and Iran. Considering its size and sophistication, the firm believes the malware has the hallmarks of being state-sponsored. This means that it was most likely developed and deployed by a country, and not an individual, although its source could not be determined. The firm stated that this is one of the most complex threats ever discovered, and it was revealed that the attack was carried out in conjunction with the UN's International Telecommunication Union. Interestingly, this threat was uncovered while investigating another threat known as Wiper, which was said to be deleting data on computers in western Asia.
Flame has not been seen to cause any physical damage as of now, but it has set alarm bells ringing due to the huge amount of highly sensitive data that it has stolen, raising doubts about what evil design the malware creator had in mind. Kaspersky expert Vitaly Kamluk said, "Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on".
Flame has reportedly hit more than 600 sensitive targets, ranging from individuals and businesses to academic institutions and government systems. Iran has once again been affected, as its National Computer Emergency Response Team posted a security alert about the malware being responsible for "recent incidents of mass data loss".
Stuxnet, another targeted malware, has been known to attack nuclear infrastructure in Iran in the past, while Duqu sought to steal data by infiltrating networks. In comparison to Stuxnet, which had a single purpose, Flame can be modified to get any information that it can possibly obtain and also use it in any possible way, with the addition of modules. It can be thought of as an OS that runs in stealth mode, and allows applications in the form of modules to install and perform additional tasks. This makes it a lot more complex and dangerous than any of the malware threats that have made headlines in recent times.
Flame is currently known to target machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt. The malware code is said to be 20 MB in size and it could take several years to analyse. However, if left unchecked, it has the potential to cause a worldwide pandemic, unless, of course, its designer has other intentions.