Iran uncovers Stuxnet-style Flame attack

Iran claims to have uncovered a new high-profile malware attack targeting its IT systems called Flame, following on from the Stuxnet and Duqu attacks dating back to 2010.

The Iranian Computer Emergency Response Team (Maher) revealed it had discovered the attack in a statement on its website. Maher claimed it had avoided detection from 43 different anti-virus tools but was now in the process of being removed.

"The name 'Flamer' comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals," the team explained.

"A detector was created by Maher centre and delivered to selected organisations and companies in [the] first days of May. And now a removal tool is ready to be delivered."

Maher said the malware was able to carry out several high-profile functions, including network monitoring, disk scanning, screen capturing, recording sound from in-built microphones and infiltrating various Windows systems. It added that Flame can be passed on via devices such as USB sticks.

The agency hinted that the advanced nature of the attack suggested it could well be the same organisation or group behind previous attacks on Iran's infrastructure.

"According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and targeted attacks," it said.

"The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat."

No-one has ever been identified as launching the previous attacks on Iran but several major nations have been cited as potential antagonists such as Israel.

Kaspersky Labs revealed it helped uncovered the Flame malware, having been contacted by the UN’s International Telecommunication Union to help discover why sensitive information was being deleted across the Middle East. In the process, the security vendor discovered Flame, which it said might be the “most sophisticated cyber weapon yet unleashed”.

“Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators,” wrote Kaspersky researcher Alexander Gostev.

“Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyber-espionage.”