Iran Claims Flame Caused ‘Massive’ Data Loss

An Iranian cyber security official has claimed the Flame worm caused the country “massive” data loss.

Since the emergence of Flame, which some believe to be the most sophisticated piece of malware ever created, Iran has been considered the number one target. Kaspersky figures from earlier this week showed there were 189 infections in Iran, almost 100 more than the second-most targeted area, Israel/Palestine.

Kamran Napelian, an official with Iran’s Computer Emergency Response Team (MAHER), told the New York Times that Flame had caused substantial data loss, saying he guessed the worm had been active in the country for six months.

UN warning

The UN is also expected to issue its most serious warning yet on a cyber threat. The UN’s Geneva-based International Telecommunications Union (ITU) is to alert member nations that Flame is a dangerous espionage tool that could be used to hit critical infrastructure, according to Reuters.

“This is the most serious [cyber] warning we have ever put out,” said Marco Obiso, cyber security coordinator for the ITU.

Flame has worm capabilities, as it is able to replicate on both local networks and on removable devices like USBs, if it is commanded to do so. It can also look at network traffic, take screenshots when “interesting” applications like instant messaging apps are running, record audio conversations from an infected PC’s microphone and do some keylogging. Further functionality can be added via plug-ins whenever the attackers want.

It also has Bluetooth capabilities, as it is able to pick up on signals as well as turn the infected system’s Bluetooth on. Information is relayed back to the attackers’ command and control servers over a covert SSL channel. These C&C servers are scattered across the world.

Security companies are moving to offer protection, after MAHER warned none of the 43 anti-virus solutions it tested Flame on could protect against it. MAHER itself has already produced a removal tool, whilst major firms like Kaspersky and Trend Micro have issued similar protections.

Yesterday, chief research officer at F-Secure, Mikko Hypponen, told TechWeekEurope Flame marked another “failure” for the security industry, as it had failed to pick up on a significant piece of malware for a significant period of time, just as it had done with other cyber “super-weapons” like Stuxnet and Duqu.

“If we missed it for two years, maybe five years, not just us but the whole goddamn industry, what else could we characterise that as other than a failure?” Hypponen said.

The industry will have to wait a long time to discover more about Flame as well. It is a sizeable piece of malware at 20MB once all modules are deployed.

Kaspersky has been ploughing on with its research uncovering a number of the modules used to steal data. There remain some interesting ones left, which the Russian security firm is still attempting to figure out, including ones called Bunny, Dbquery, Driller, Headache and Gadget.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Flame is creating huge concern for high level program users. I don't know how Iran will react about the massive data loss of their programs. I think this issue is leading us to great cyberwar in no time. Thanks :)

    • Cyberwarefare is here... The USA and Zionist Israel are the chief perpetrators. They will also be the ones to squeal the loudest when their victim nations retaliate.

Recent Posts

Marriott Agrees To Pay $52 Million To Settle Data Breaches

To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…

2 days ago

Tesla Shares Drop After Cybercab Unveiling

Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…

2 days ago

AMD Launches New AI, Server Chips To Expand Nvidia Challenge

AMD unveils new AI and data centre chips as it seeks to improve challenge to…

3 days ago

Chinese Hackers Breach US Wiretap Systems – Report

AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform

3 days ago