Tuesday, May 29, 2012

New massive spy malware found in Iran

A new piece of massive spy malware called 'Flame' has been found in Iran (Hat Tip: Memeorandum).
The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.

Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size – the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Although Flame has both a different purpose and composition than Stuxnet, and appears to have been written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals — marking it as yet another tool in the growing arsenal of cyberweaponry.

The researchers say that Flame may be part of a parallel project created by contractors who were hired by the same nation-state team that was behind Stuxnet and its sister malware, DuQu.

“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement. “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”

Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.

The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware.

Kaspersky Lab is calling it “one of the most complex threats ever discovered.”
Read the whole thing. This one does everything but wash the dishes for you, and from the fact that the second most common place for finding infections (after Iran) is the 'Israeli-occupied territories' and that it's also hit Lebanon and Syria, I would guess that people are going to think that the evil Jooos are behind it.

Here's a report based on Iranian sources (Hat Tip: MFS - The Other News).
Iran's National Computer Emergency Response Team has detected an attack of a new computer virus close to Stuxnet and Duqu malwares.

CERT announced on Sunday that following the continuous research on the targeted attacks of Stuxnet and Duqu since 2010, it detected a new attack, codenamed "Flamer" and launched by a new malware.


According to CERT, the research results show that the recent incidents of mass data loss in Iran could be the outcome of the new virus' attack.
More here.

Granted Iran, but what's more intriguing to me is the possibility that Israel could have planted malware in 'Palestinian Authority' computers. The 'Palestinians' have had some problems themselves lately, and are accusing Mohamed Dahlan and Mohamed Rashid of messing with their computers. What if it's the Jooos instead?




At 10:50 AM, Anonymous Anonymous said...


Have you misreported above?

This 'Flame' Virus has targeted Israel, so it may not be Israel behind it. Israel proper, not just Occupied Palestine.

How do you know it's the US spying on Israel?

Where is your source that claims it's only the 'Israeli occupied territories'?

The Reuters report in the Yahoo News link you posted says:


In other words, both Israel and Occupied Palestine have been affected. This ties in with other reports I've seen that say Israel was targeted too.


Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

At 1:06 PM, Blogger NormanF said...

It's certainly of Israeli origin.

Israel is neither confirming nor denying "Flame" is an Israeli cyberwar weapon.

But its enemies must be concerned Israel now possesses their deepest secrets and the damage may take them years - possibly decades to recover from.

In high-tech warfare, Israel is an emerging world leader.


At 2:13 PM, Anonymous Anonymous said...

I made a typo above, I meant to write

"How do you know it's NOT the US spying on Israel?"


Bogie Yalon didn't confirm that Israel was behind it. How do you know it's the US behind this virus spying on both Iran and Israel?

At 3:47 PM, Blogger debbie said...

Why do you post comments from Chayma???
Disagreement I understand, but her comments are indecipherable. What is she talking about?
Anyone else in favor of banning her? Let's vote her off the island.

At 6:40 PM, Anonymous Anonymous said...


It's par for the course for an amoeba-brained nitwit like you to find my comments 'indecipherable' and to feel threatened enough to want me banned. Typical right wing thuggish tactics, when you cannot use thuggery and force, you censor. That is what destroys the US.

In simple language, my comments above mean:-

Israel is not behind this virus. It could be China, or Russia or even Iran herself.

Is that 'indeciphered' for you, ignorant one?

