A frightening piece of malware called Flame is on the loose in Iran and other parts of the Middle East, infecting PCs and stealing sensitive data. Now the United Nations’ International Telecommunication Union (ITU) warns that other nations face the risk of attack.
But what is Flame, exactly, and is it cause for concern among ordinary PC users? Here’s what you need to know about what Kaspersky calls “one of the most complex threats ever discovered.”
What Are Flame’s Origins?
Flame has been in the wild since 2010, according to Kaspersky, but its creation date is unclear. The virus was discovered a month ago after Iran’s oil ministry learned that several companies’ servers had been attacked. That finding led to more evidence of attacks on other government ministries and industries in Iran.
Iran has claimed that the attacks also wiped the hard drives of some machines, but Kaspersky says that the malware responsible, called Wiper, isn’t necessarily related: Wiper attacks were isolated to Iran, while Flame has been found in other countries.
Flame’s creator is also unknown, but a nation-state was likely behind it. The malware is not designed to steal money from bank accounts, and it is far more complex than anything commonly used by “hacktivists,” so a state-sponsored operation is the only remaining explanation that makes sense.
Iran has previously been hit by malware such as Stuxnet and Duqu, but Flame is roughly 20 times larger than its sibling Stuxnet.
What can the virus do?
It can secretly:
Record audio conversations (by switching on the machine’s microphone)
Record Skype conversations
Take screenshots
Who is at Risk?
The United Nations’ International Telecommunication Union is now warning other nations to “be on alert” for the malware, which could potentially be used to attack critical infrastructure. In a statement to Reuters, the U.S. Department of Homeland Security said it was “notified of the malware and has been working with our federal partners to determine and analyze its potential impact on the U.S.”
Who is behind this?
As with Stuxnet and Duqu, it is currently unclear who is behind it. Attribution is hard because when the traces are followed back to whoever controls the application (the malware connects to its command-and-control servers), they lead to dozens or more servers spread across different countries around the world. More than 80 or 90 domains are associated with those servers, and most of them are registered under fake identities, so the operators are well protected and hidden. The only clue found so far is the good English used inside the code.
What does CERT say?
Speaking to ReadMe, Rohana Palliyaguru (Senior Information Security Engineer) had this to say: “There have been no incidents from Sri Lanka and it’s a low risk. Iran seems to be the main target. However, CERT has taken all measures and precautions and is also equipped to remove the virus. The virus can travel externally and through the network. As we see, the virus does not target the average internet user.”