Iran reported substantial damage and huge data lost due to malicious software dubbed as Flame. It could be 3rd most powerful virus after Stuxnet and Duqu viruses. Largest number of infected machines is in Iran, followed by the Israel/Palestine, then Sudan and Syria.
What is Flame?
- Flame is a complex data stealing Virus that contains about 20 times as much code as Stuxnet about and about 100 times as much code as a typical virus designed to steal financial information.
What is the potential of Flame?
Flame is capable of:
- gathering data files
- remotely change settings on computers
- turn on PC microphones to record conversations
- take screen shots
- log instant messaging chats
Thus it can steal sophisticated data from computers by exploiting flaws in the Windows O/S.
- Stuxnet: A computer worm. Basically spies on and subverts industrial systems. It is notorious for attacking and damaging centrifuges of an Iranian uranium enrichment facility in 2010.
- Duqu: Also a computer worm which is often related to the Stuxnet. It was named “Duqu” as it gives prefix "~DQ" to the names of files it creates.
To understand the potential of FLAME more, lets see the 5 dimensions of FLAME:-
- One of the most complicated pieces of malicious software ever discovered.
- Nearly 20 times as much code than Stuxnet.
- Built with some 20 modules which even the researchers can’t fully understand.
- Most complete data-stealing tools found to date.
- Can record sounds, access Bluetooth communications, capture regular screenshot images and log Internet Messaging conversations.
- A network of over 80 servers across the world used by the FLAME creators to remotely access infected machines.
- Can change settings on PC
- Can quietly gather the stolen data
- Largest such Command and Control network identified to date.
- Most number of infected infected systems found in Iran, followed by Israel and the Palestinian territories.
- Also found in Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
- Estimated 1,000-5,000 machines infected worldwide.
- Kaspersky Lab, which claimed credit for uncovering Flame, believes the virus may be the work of the same nation or nations that built the Stuxnet worm that attacked Iran's nuclear program in 2010. But the Kaspersky researchers declined to say which nation or nations they believe are behind Flame.
Why the needle of suspicion points towards the same nation states that build Stuxnet?
Actually, the creators of Stuxnet and Flame employed similar techniques to infect computers, which suggests that they were "parallel" projects backed by the same nation state.