Flame virus is mid-east cyber-broiler

Supposedly, the Flame virus is the biggest cyber-weapon yet discovered. The malware is targeting Middle Eastern countries and stealing information, but who wrote it, and why? In IT Blogwatch, bloggers toss out their theories.

By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Is Pluto a planet? And why are we still debating this?

Lucian Constantin memorializes:

According to the Iranian Computer Emergency Response Team...the new piece of malware is called Flame and might be responsible for recent data loss incidents. ... Malware researchers from...Kaspersky Labs have also analyzed the malware. ... [W]hile it is similar to Stuxnet and Duqu...it has different features and [is] more complex.


It can perform a variety of malicious actions...[e.g.] use a computer's microphone to record conversations, take screenshots...record keystrokes, sniff network traffic and communicate with...Bluetooth devices.   

Kim Zetter has more:

Although Flame has both a different purpose and composition than Stuxnet...the geographic scope of its infections and its behavior indicate...that a nation-state is behind Flame...marking it as yet another tool in the growing arsenal of cyberweaponry.


The researchers say they don’t know yet how an initial infection of Flame occurs. ... [It can] infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit...that the researchers have not yet found.   

Kaspersky's Alexander Gostev answers your questions:

Flame can easily be described as one of the most complex threats ever discovered. ... It pretty much redefines the notion of cyberwar. ... Flame is a sophisticated attack toolkit. ... It is a backdoor, a Trojan, and it has worm-like features.


Flame was out in the wild as early as February or March 2010. ... There is no information [to] tie Flame to any specific nation state. So, [as] with Stuxnet and Duqu, its authors remain unknown. ... [It's] designed for general cyber-espionage purposes...with probably thousands of victims worldwide...including academia, private companies, specific individuals and so on.   

Here's official Iranian CERT blogger Khatib Joy:

At the time of writing, none of the 43 tested antiviruses could detect [it]. ... Nevertheless, a detector was created by [us] and delivered to selected organizations and companies in [early] May. And now a removal tool is ready to be delivered.   

Meanwhile, Will Woodhull has this intriguing theory:

The way the news about Stuxnet was dribbled out...Iran has had to [do more] system reviews. And all those Iranian tech people...tied up in assuring that military and critical civilian systems are clean...are no longer available for...refining nuclear detonation models or missile control systems.


[Tie] up the intellectual resources of a country...bring the development of their war machine to a grinding halt...without anyone having to dodge real bullets. ... It is plausible that we are now learning about Flame because its controllers have decided that it is time to go public.


I do not much like the current regimes in Iran and Syria...it would be a good thing if they had to spend...their resources on assuring that all their computers were clean.   


And Finally...

Is Pluto a planet? And why are we still debating this?    


Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch, for which he has won ASBPE and Neal awards. He also writes The Long View for IDG Enterprise. Richi has been a cross-functional IT geek since 1985; you can read his full profile and disclosure of his industry affiliations.


Copyright © 2012 IDG Communications, Inc.
