A Russian computer firm has discovered a new computer virus with unprecedented destructive potential that chiefly targets Iran and could be used as a “cyberweapon” by the West and Israel.
Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said its experts discovered the virus — known as Flame — during an investigation prompted by the International Telecommunication Union (ITU).
Iran appears to have been the main target of the attack and the announcement comes just a month after the Islamic Republic said it halted the spread of a data-deleting virus targeting computer servers in its oil sector.
Kaspersky said the virus was several times larger than the Stuxnet worm that was discovered in 2010 and targeted the Iranian nuclear programme, reportedly at the behest of Western or Israeli security agencies. It said the main task of Flame is cyber espionage, meaning it steals information from infected machines including documents, screenshots and even audio recordings. It then sends the data to servers all over the world. Flame is “actively being used as a cyberweapon attacking entities in several countries,” Kaspersky said in a statement late on Monday. Flame is “one of the most advanced and complete attack-toolkits ever discovered.”
“The complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date,” it added.
The origin of the Stuxnet worm has never been made clear but suspicion has fallen on the United States and Israel which both accuse Iran of seeking to build an atomic weapon. The chief security expert at Kaspersky, Alexander Gostev, said that Iran was the country by far the worst affected by Flame followed by Israel/Palestinian Territories, Sudan, Syria and Lebanon. “The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it,” he said in an analysis article.
He said that the aim of the virus was clearly to “collect information” on the operations of states in the Middle East such as Iran, Lebanon and Syria.
However, like Stuxnet and another previous superworm Duqu, “its authors remain unknown”, he said.
“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists,” he added.
Without giving any indication that Israeli spy agency Mossad could be involved in Flame, Israel’s Strategic Affairs Minister Moshe Yaalon said such cyberweapons were an important part of the arsenal of Iran’s enemies.
“For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to hobble it,” he told army radio.
