h/t National Post
It appears the the the asexual virus; Stuxnet, has given birth to an even feistier demon spawn called Flame which has started to wreck havoc on computer systems in the Middle East.
Cyber warfare will become predominant in this day and age.
A United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the Flame virus that was recently discovered in Iran and other parts of the Middle East.
“This is the most serious [cyber] warning we have ever put out,” said Marco Obiso, cyber security coordinator for the UN’s Geneva-based International Telecommunications Union.
The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he said in an interview.
“They should be on alert,” he said.
Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran’s nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that took credit for discovering the infections.
“I think it is a much more serious threat than Stuxnet,” Obiso said.
He said the ITU would set up a program to collect data, including virus samples, to track Flame’s spread around the globe and observe any changes in its composition.
Kaspersky Lab said it found the Flame infection after the ITU asked the Russian company to investigate recent reports from Tehran that a mysterious virus was responsible for massive data losses on some Iranian computer systems.
So far, the Kaspersky Lab team has not turned up the original data-wiping virus that they were seeking and the Iranian government has not provided Kaspersky a sample of that software, Obiso said.
Iran has not disclosed any data lost to the new virus, but Israel’s vice-premier did little to deflect suspicion about possible Israeli involvement in the latest attack.
“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” Israeli Vice Premier Moshe Yaalon told Army Radio when asked about Flame. “Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday. Schouwenberg said he did not know who built Flame. If the Lab’s analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain played by Christopher Lee. The discovery by one of the world’s largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons. “If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Schouwenberg said in an interview. The Moscow-based company is controlled by Russian malware researcher Eugene Kaspersky, and gained notoriety in cyber weapons research after solving several mysteries surrounding Stuxnet and Duqu. Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The full significance will not be known until other cyber security firms obtain samples of Flame.
The Lab’s research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region, then Sudan and Syria.
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information, Schouwenberg said. Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats. He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform. Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading. That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, he said. Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions. He estimated that no more than 5,000 personal computers around the world have been infected, including a handful in North America. Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper was attacking computers in Iran. The International Telecommunications Union, a UN agency that promotes research and cooperation on telecommunications technology, asked Kaspersky Lab to investigate those reports. Schouwenberg said that his team discovered Flame, but failed to turn up anything that resembled Wiper.