New 'Flame Virus' Bigger Than Stuxnet: Report

Dennis Faas's picture

A leading security firm says it has discovered a virus that could be more sophisticated and potentially more dangerous than Stuxnet, which wreaked havoc last year.

However, the new virus, called "Flame," appears to be designed to steal data rather than to cause physical damage to computer systems.

Security experts at Kaspersky Lab say Flame gathers data from infected machines using a comprehensive range of tactics.

Rather than simply copy files and track online activity, it attempts to track what a user is typing, take screenshots, and even make audio recordings from online telephone discussions.

Flame can also attempt to gather data from connected Bluetooth devices.

Kaspersky Lab describes the virus as a "complete attack toolkit."

Security expert Alexander Gostev said, "It's big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage." (Source: securelist.com)

Stuxnet Attacked Nuclear Equipment

At the moment, Flame appears to be affecting computers located in the Middle East, with Iran the most targeted nation.

That's reminiscent of the Stuxnet virus, which attacked uranium enrichment control computers in that same country. The aim was to force the centrifuges used in the enrichment process to speed up and slow down repeatedly until their motors blew out.

Flame has affected more countries than just Iran though: at least half a dozen of its neighbors, including Israel, have come under Flame attack.

As a result, experts infer the virus isn't necessarily related to the conflict between Israel and its Arab neighbors. (Source: pcmag.com)

Flame May Be Government Product

Nevertheless, Kaspersky experts are convinced Flame is the work of a nation-state. They say there's no obvious financial motive in Flame for cyber-criminals, and the virus is too sophisticated to have been produced by so-called "hacktivist" protestors.

Right now the virus doesn't appear to be aimed at any specific industry, though many of its victims seem to be in government or government-related activities.

Insiders say Flame was first discovered in the spring of 2010, around the same time as Stuxnet. Kaspersky's experts believe that Flame may have been created by the same people, with the aim of using it as a backup if and when authorities eliminated Stuxnet.

The Flame virus is designed in a modular format, with the section actually used to infect a machine being relatively small. Once installed on a computer, the virus then downloads additional modules of its own code, depending on the specific tasks its creators want it to carry out.

There appear to be as many as twenty different modules of code in Flame. This makes it much harder to track and monitor the virus, since different infected computers will carry different combinations of its modules.
