

Iran uncovers Stuxnet-style Flame attack

28 May 2012

Iran claims to have uncovered a new high-profile malware attack, called Flame, targeting its IT systems, following on from the Stuxnet and Duqu attacks dating back to 2010.

The Iranian Computer Emergency Response Team (Maher) revealed it had discovered the attack in a statement on its website. Maher claimed the malware had avoided detection by 43 different anti-virus tools but was now in the process of being removed.

"The name 'Flamer' comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals," the team explained.

"A detector was created by Maher centre and delivered to selected organisations and companies in [the] first days of May. And now a removal tool is ready to be delivered."

Maher said the malware was able to carry out several high-profile functions, including network monitoring, disk scanning, screen capturing, recording sound from in-built microphones and infiltrating various Windows systems. It added that Flame can be passed on via devices such as USB sticks.

The agency hinted that the advanced nature of the attack suggested the same organisation or group behind previous attacks on Iran's infrastructure could well be responsible.

"According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and targeted attacks," it said.

"The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat."

No-one has ever been identified as launching the previous attacks on Iran, but several major nations, such as Israel, have been cited as potential antagonists.

Kaspersky Labs revealed it helped uncover the Flame malware, having been contacted by the UN’s International Telecommunication Union to help discover why sensitive information was being deleted across the Middle East. In the process, the security vendor discovered Flame, which it said might be the “most sophisticated cyber weapon yet unleashed”.

“Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators,” wrote Kaspersky researcher Alexander Gostev.

“Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyber-espionage.”

Dan Worth
About

Dan Worth is the news editor for V3, having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3, Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.
