- Posted on May 28, 2012 at 5:15pm by Liz Klimas
A new computer virus that appears to have been deployed five years ago was recently discovered in Iran and cyber security experts suggest it could have been built by the same entities that ordered the 2010 Stuxnet attack, according to Reuters.
The presence of the virus — dubbed “Flame” — was announced by the Russian-based Kaspersky Labs on Monday. Reuters reports the security software firm has not said whether the cyber weapon was deployed with a specific mission like that of the Stuxnet worm, which is suspected to have been launched to help take down Iran’s nuclear infrastructure.
Comparing Flame to Stuxnet, Reuters reports experts finding the virus has 20 times more code. Compared to most computer viruses that steal financial information, Flame has 100 times more code. Kaspersky Labs found it exploits a vulnerability in Windows, like Stuxnet. BBC reports that this newly discovered virus is being called “one of the most complex threats ever discovered.” Here’s a few more on the details being reported about the virus from Reuters:
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, [Kapersky Lab senior researcher Roel] Schouwenberg said.
Wired reports Chief Security Expert at Kaspersky Alexander Gostev saying it could take 10 years to completely understand how Flame works. While Stuxnet was 500 kilobytes, Flame is 20 megabytes. Here’s more from Wired on the virus:
“It was obvious DuQu was from the same source as Stuxnet. But no matter how much we looked for similarities [in Flame], there are zero similarities,” Gostev said. “Everything is completely different, with the exception of two specific things.”
One of these is an interesting export function in both Stuxnet and Flame, which may turn out to link the two pieces of malware upon further analysis, Gostev said. The export function allows the malware to be executed on the system.
Also, like Stuxnet, Flame has the ability to spread by infecting USB sticks using the autorun and .lnk vulnerabilities that Stuxnet used. It also uses the same print spooler vulnerability that Stuxnet used to spread to computers on a local network. This suggests that the authors of Flame may have had access to the same menu of exploits that the creators of Stuxnet used.