* Most complex piece of malicious software yet found
* Speculation may now grow over countries deploying cyber weapons
* Virus highly targeted, mainly in Middle East
By Jim Finkle
BOSTON, May 28 - Security experts have discovered
a new data-stealing virus dubbed Flame they say has lurked
inside thousands of computers across the Middle East for as long
as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software
discovered to date, said Kaspersky Lab security senior
researcher Roel Schouwenberg, whose company discovered the
virus. The results of the Lab's work were made available on
Monday.
Schouwenberg said he did not know who built Flame.
If the Lab's analysis is correct, Flame could be the third
major cyber weapon uncovered after the Stuxnet virus that
attacked Iran's nuclear program in 2010, and its data-stealing
cousin Duqu, named after the Star Wars villain.
The discovery by one of the world's largest makers of
anti-virus software will likely fuel speculation that nations
have already secretly deployed other cyber weapons.
"If Flame went on undiscovered for five years, the only
logical conclusion is that there are other operations ongoing
that we don't know about," Schouwenberg said in an interview.
The Moscow-based company is controlled by Russian malware
researcher Eugene Kaspersky, and gained notoriety in cyber
weapons research after solving several mysteries surrounding
Stuxnet and Duqu.
Researchers at Kaspersky said they were only starting to
understand how Flame works because it is so complex. The full
significance will not be known until other cyber security firms
obtain samples of Flame.
The Lab's research shows the largest number of infected
machines are in Iran, followed by the Israel/Palestine region,
then Sudan and Syria.
COMPLEX VIRUS
The virus contains about 20 times as much code as Stuxnet,
which attacked an Iranian uranium enrichment facility, causing
centrifuges to fail. It has about 100 times as much code as a
typical virus designed to steal financial information,
Schouwenberg said.
Flame can gather data files, remotely change settings on
computers, turn on PC microphones to record conversations, take
screenshots and log instant messaging chats.
He said there was evidence to suggest the code was
commissioned by the same nation or nations that were behind
Stuxnet and Duqu, which were built on a common platform.
Both Flame and Stuxnet appear to infect machines by
exploiting the same flaw in the Windows operating system and
employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have
had access to the same technology as the team that built Flame,
he said.
Schouwenberg said he believed the attack was highly
targeted, aimed mainly at businesses and academic institutions.
He estimated that no more than 5,000 personal computers
around the world have been infected, including a handful in
North America.
Kaspersky Lab discovered Flame while investigating reports
that a virus dubbed Wiper was attacking computers in Iran.
The International Telecommunication Union, a U.N. agency
that promotes research and cooperation on telecommunications
technology, asked Kaspersky Lab to investigate those reports.
Schouwenberg said that his team discovered Flame, but failed
to turn up anything that resembled Wiper.