Iran Claims Flame Caused ‘Massive’ Data Loss

An Iranian cyber security official has claimed the Flame worm caused the country “massive” data loss.

Since the emergence of Flame, which some believe to be the most sophisticated piece of malware ever created, Iran has been considered the number one target. Kaspersky figures from earlier this week showed there were 189 infections in Iran, almost 100 more than the second-most targeted area, Israel/Palestine.

Kamran Napelian, an official with Iran’s Computer Emergency Response Team (MAHER), told the New York Times that Flame had caused substantial data loss, saying he guessed the worm had been active in the country for six months.

UN warning

The UN is also expected to issue its most serious warning yet on a cyber threat. The UN’s Geneva-based International Telecommunications Union (ITU) is to alert member nations that Flame is a dangerous espionage tool that could be used to hit critical infrastructure, according to Reuters.

“This is the most serious [cyber] warning we have ever put out,” said Marco Obiso, cyber security coordinator for the ITU.

Flame has worm capabilities, as it is able to replicate on both local networks and on removable devices like USBs, if it is commanded to do so. It can also look at network traffic, take screenshots when “interesting” applications like instant messaging apps are running, record audio conversations from an infected PC’s microphone and do some keylogging. Further functionality can be added via plug-ins whenever the attackers want.

It also has Bluetooth capabilities, as it is able to pick up on signals as well as turn the infected system’s Bluetooth on. Information is relayed back to the attackers’ command and control servers over a covert SSL channel. These C&C servers are scattered across the world.

Security companies are moving to offer protection, after MAHER warned none of the 43 anti-virus solutions it tested Flame on could protect against it. MAHER itself has already produced a removal tool, whilst major firms like Kaspersky and Trend Micro have issued similar protections.

Yesterday, chief research officer at F-Secure, Mikko Hypponen, told TechWeekEurope Flame marked another “failure” for the security industry, as it had failed to pick up on a significant piece of malware for a significant period of time, just as it had done with other cyber “super-weapons” like Stuxnet and Duqu.

“If we missed it for two years, maybe five years, not just us but the whole goddamn industry, what else could we characterise that as other than a failure?” Hypponen said.

The industry will have to wait a long time to discover more about Flame as well. It is a sizeable piece of malware at 20MB once all modules are deployed.

Kaspersky has been ploughing on with its research uncovering a number of the modules used to steal data. There remain some interesting ones left, which the Russian security firm is still attempting to figure out, including ones called Bunny, Dbquery, Driller, Headache and Gadget.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Flame is creating huge concern for high level program users. I don't know how Iran will react about the massive data loss of their programs. I think this issue is leading us to great cyberwar in no time. Thanks :)

    • Cyberwarefare is here... The USA and Zionist Israel are the chief perpetrators. They will also be the ones to squeal the loudest when their victim nations retaliate.

Recent Posts

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

2 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

4 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

5 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

6 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

22 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

23 hours ago