More malware targeting Iran could yet be discovered

22 September 2012 | 16:32 Code : 1907107

 

Fresh analysis of the malware Flame, which had affected thousands of computers in Iran and several other Middle Eastern countries, suggests that it could be part of a much wider “family”, BBC reported on Tuesday.   
 
On May 28, Reuters reported that security experts had discovered a new data-stealing spyware virus dubbed Flame that had lurked inside thousands of computers in several Middle Eastern countries, including Iran, for as long as five years as part of a sophisticated cyber warfare campaign. 
 
Flame has already been linked to Stuxnet, a worm that attacked Iran’s nuclear infrastructure, and Duqu, a data-stealing worm that also infected some of Iran’s computer systems.
 
In September 2010, it was reported that the Stuxnet worm, which is capable of taking over power plants, had infected some industrial sites in Iran. 
 
In September 2011, news agencies reported that another computer worm named Duqu had targeted some Iranian organizations and companies.
 
According to BBC, analysis of the server controlling the Flame malware suggests three similar pieces of code are as yet undiscovered. 
 
The study also suggests Flame dates back to 2006, much earlier than previously thought.
 
The new report is a joint study from security firms Symantec, Kaspersky, the Crypto Labs in Budapest and the UN’s International Telecommunications Union.
 
They were given access to the command and control servers of Flame.
 
The analysis revealed that the servers were using four communications protocols, only one of which was being used by Flame.
 
“I can’t imagine that the other three were not being used. The conclusion seems to be that there is something else out there,” said Prof. Alan Woodward, a visiting professor at the University of Surrey’s department of computing.
 
Flame has been described as one of the most complex computer threats ever discovered, but the study suggests attempts to destroy all evidence of it went wrong because of a spelling mistake.
 
“One might imagine that this type of code had a ‘kill’ button but in fact they had to program it,” said Prof. Woodward. 
 
“Those behind it did try and destroy it. They may have known that they were about to be rumbled, but they failed at the last minute by mistyping the name of the file,” he added.
 
Many believe the complexity of Flame and the other pieces of related malware points to state-sponsorship, but Prof. Woodward said the latest analysis showed little involvement from intelligence agents. 
 
“They don’t start from the perspective of what can I look for. It appears to be written by computer analysts not intelligence analysts,” he said.
 
In recent years, Iran has been the target of several major cyber attacks, which have successfully been repelled. 
 
In addition to the cyber attacks mentioned above, Iranian officials announced in April 2011 that the country had been targeted by a new computer worm named Stars.
 
The New York Times reported on June 1 that from his first months in office, U.S. President Barack Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding the United States’ first sustained use of cyber weapons.