My Twitter timeline is full of news about the discovery of the malware called Flame, which was found mainly in Iran and some other Middle Eastern countries. This is another malware that targets particular countries and is used for espionage; it has some unique features that separate it from other malware like Stuxnet and Duqu, and some features that resemble them.
- It is a backdoor, a trojan and a worm combined; it spreads mainly via USB devices and through networks.
- It is a complete espionage malware: it can record audio from the computer's microphone, take screenshots and log key presses, and send all of this to the command and control centre. Although there have been malware with some of these features, this is the first malware to have all of them.
- Flame is large, at 20 MB, whereas most of the malware found these days is much smaller.
- The malware is highly complex; it uses multiple compression and encryption methods for the data it sends to the command and control servers.
According to researchers it shares some features with Stuxnet, which targeted nuclear power plants in Iran; Flame is also used for industrial espionage and uses the same vulnerability in Windows to infect machines. This is another example of cyber attacks targeting governments and high-profile targets in particular countries.
It’s not hard to imagine that this is not the work of an average person or group, because:
- An average coder or group can’t create malware of such complexity. It requires a highly talented team of people specialized in designing such malware, which only very few countries in the world possess.
- An average person or group has no need for such malware to spy on Iran and other Middle Eastern countries; only another country keen to keep an eye on the Middle East would, and only a few countries have the talent to build such malware, like the US, Israel or China, which are famous for their hacking capabilities.
As this article from Reuters points out:
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.
According to Kaspersky the Flame malware went undetected for five years, which is a pretty long time. If someone, or a country, could build such a tool five years ago, one can imagine how much further this kind of industrial malware has evolved by now, and what technical skills the builders of Flame could have achieved by now.
This also raises the question of how many unknown cyber operations run by countries are currently happening around the world, and what the cyber capabilities of other countries are, because malware like Duqu and Stuxnet is not made and used by ordinary hackers. According to my friend @ipv10, who is a web researcher herself, looking at the distribution of the malware and the capabilities required to build it, its origin should be none other than the USA.
If you are skeptical about cyber warfare, it has already begun. And while other countries, including India, are moving fast in the direction of arming themselves with cyber weapons, all we are doing is hunting perverts on Facebook; it is time for us to move on to improving our cyber capabilities.
You can read Kaspersky’s blog post with a comprehensive explanation of the Flame malware: http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers