An Iranian cyber security official has claimed the Flame worm caused the country “massive” data loss.
Since the emergence of Flame, which some believe to be the most sophisticated piece of malware ever created, Iran has been considered the number one target. Kaspersky figures from earlier this week showed there were 189 infections in Iran, almost 100 more than the second-most targeted area, Israel/Palestine.
Kamran Napelian, an official with Iran’s Computer Emergency Response Team (MAHER), told the New York Times that Flame had caused substantial data loss, saying he guessed the worm had been active in the country for six months.
The UN is also expected to issue its most serious warning yet on a cyber threat. The UN’s Geneva-based International Telecommunications Union (ITU) is to alert member nations that Flame is a dangerous espionage tool that could be used to hit critical infrastructure, according to Reuters.
Flame has worm capabilities, as it is able to replicate on both local networks and on removable devices like USBs, if it is commanded to do so. It can also look at network traffic, take screenshots when “interesting” applications like instant messaging apps are running, record audio conversations from an infected PC’s microphone and do some keylogging. Further functionality can be added via plug-ins whenever the attackers want.
It also has Bluetooth capabilities, as it is able to pick up on signals as well as turn the infected system’s Bluetooth on. Information is relayed back to the attackers’ command and control servers over a covert SSL channel. These C&C servers are scattered across the world.
Security companies are moving to offer protection, after MAHER warned that none of the 43 anti-virus solutions it tested against Flame could protect against it. MAHER itself has already produced a removal tool, whilst major firms like Kaspersky and Trend Micro have issued similar protections.
Yesterday, F-Secure chief research officer Mikko Hypponen told TechWeekEurope that Flame marked another “failure” for the security industry, which had failed to pick up on a significant piece of malware for a significant period of time, just as it had with other cyber “super-weapons” like Stuxnet and Duqu.
“If we missed it for two years, maybe five years, not just us but the whole goddamn industry, what else could we characterise that as other than a failure?” Hypponen said.
The industry will have to wait a long time to discover more about Flame as well. It is a sizeable piece of malware at 20MB once all modules are deployed.
Kaspersky has been ploughing on with its research, uncovering a number of the modules used to steal data. Some interesting ones remain, which the Russian security firm is still attempting to figure out, including ones called Bunny, Dbquery, Driller, Headache and Gadget.
View Comments
Flame is creating huge concern for high level program users. I don't know how Iran will react to the massive data loss of their programs. I think this issue is leading us to a great cyberwar in no time. Thanks :)
Cyberwarfare is here... The USA and Zionist Israel are the chief perpetrators. They will also be the ones to squeal the loudest when their victim nations retaliate.