Security experts have discovered a highly sophisticated computer virus in Iran and other Middle East countries that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage.
Evidence suggests that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear programme in 2010, according to Kaspersky Lab, the Russian cyber security software maker that claimed responsibility for discovering the virus.
Kaspersky researchers said on Monday they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it.
Iran claimed on Tuesday to have come up with an anti-virus program against “Flame.”
“Tools to recognize and clean this malware have been developed and, as of today, they will be available for those (Iranian) organizations and companies who want it,” Maher, a computer emergency response team coordination center in Iran’s telecommunications ministry, said on its website.
“Experts from Maher... have said that the theft of large volumes of data in recent weeks was caused by Flame,” the Fars news agency reported.
Cyber security experts said the discovery publicly demonstrates what experts privy to classified information have long known: that nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.
“For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to hobble it,” Israeli Strategic Affairs Minister Moshe Yaalon told Israel’s army radio on Tuesday, just hours after the virus was discovered by Kaspersky Lab.
“Israel is blessed with being a country which is technologically rich, and these tools open up all sorts of possibilities for us,” he said.
Kaspersky Lab said that the virus was several times larger than the Stuxnet worm that was discovered in 2010 and was used against the Iranian nuclear program, reportedly at the behest of Western security agencies.
Flame is “actively being used as a cyber-weapon attacking entities in several countries,” Kaspersky said in a statement late on Monday, describing its purpose as “cyber-espionage.”
“The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date,” it added.
According to Kaspersky, Flame “can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations.”
It did not say which country the virus was aimed at but said the investigation was initiated after a series of incidents with a still unknown virus which deleted data on computers in the “Western Asia” region.
The statement also contained no clues as to which party could have been behind the attack.
According to Western media reports, Flame has been used to attack the Iranian oil ministry and Iran’s main oil export terminal.
Kaspersky said Flame had been “in the wild” for more than two years, since March 2010.
“Due to its extreme complexity, plus the targeted nature of the attacks, no security software detected it.”
Flame is “one of the most advanced and complete attack-toolkits ever discovered.”
It said that Flame belongs to the same category as previous superworms like Duqu or Stuxnet.
“The Flame malware looks to be another phase in this war and it’s important to understand that such cyber weapons can easily be used against any country,” said Kaspersky Lab CEO Eugene Kaspersky.