New super cyber weapon ‘Flame’ identified

29 May 2012

New spy malware, said to be 20 times larger than the cyber weapon Stuxnet, has apparently been identified infecting systems in several countries in the Middle East, including Iran, as part of a cyber-espionage operation.

The malware has been dubbed ‘Flame’ by the Russian anti-virus firm Kaspersky Lab, which claims it discovered the Trojan during an investigation that was sparked by the UN’s International Telecommunication Union (ITU).

According to Kaspersky, the complexity and functionality of Flame surpasses those of all cyber weapons known to date.

Back in 2010, the cyber weapon Stuxnet came to the fore after Iran’s Bushehr nuclear plant was attacked by the computer worm. At the time Stuxnet was described by analysts as one of the most refined pieces of malware ever found.

Then, last October we heard of Duqu, which was dubbed by security analysts as the ‘son of Stuxnet’. The purpose of the Duqu Trojan was to gather information from industrial control systems used in manufacturing and power plants that could be used in future cyber attacks.

Kaspersky said Flame has been designed to carry out cyber-espionage, with the capacity to glean valuable information that is not limited to computer display contents, but also includes information about targeted systems, stored files, contact data and audio conversations.

Kaspersky detected the malware as Worm.Win32.Flame.

Malware ‘in the wild’

From their independent research, the ITU and Kaspersky said preliminary findings indicate that this malware has been ‘in the wild’, as they call it, for more than two years.

They said that because of Flame’s extreme complexity, as well as the targeted nature of the attacks, no security software detected it.

“The risk of cyberwarfare has been one of the most serious topics in the field of information security for several years now. Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab.

He went on to say that cyber weapons such as Flame could easily be used against any country.

“Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”

Experts at Kaspersky are carrying out deeper analysis of Flame, and the company said it would reveal more details about the new threat as they become known.

What is known, according to Kaspersky, is that Flame consists of multiple modules and is made up of several megabytes of executable code in total. Kaspersky said this makes it around 20 times larger than Stuxnet.

ITU is set to use the ITU-IMPACT network, which consists of 142 countries and industry players, to alert governments and the tech community about this cyber threat.

Carmel Doyle was a long-time reporter with Silicon Republic
