It has only been a few months since Iran’s suspected nuclear program suffered a massive setback when it was hit by the USB-borne Stuxnet worm. Now Iran’s IT security authorities have their hands full again, because the country’s computing infrastructure is under yet another attack. This time, the spyware program Flame is causing serious security breaches. According to Iran’s security group, the Iranian Computer Emergency Response Team (CERT), Flame (also known as the Flamer) is a new malware variant that shares some interesting similarities with Iran’s previous malware problems, Duqu and Stuxnet.
Flame is capable of capturing passwords, checking for and finding network resources, and sniffing network traffic. It can also transfer information to the servers that control it and spread to other machines on networks that run Windows 7, Vista, and XP. The malware spreads through removable media such as USB drives and CDs, and over Local Area Networks (LANs). It got its name from one of the modules found in its decrypted code. Flame acts as a platform: remote operators can instruct it to receive and install different modules, each performing a different task.
Security software maker Kaspersky says it first spotted Flame back in 2010. The firm said that Flame might pose a bigger threat than other malware and might be “the most sophisticated cyber weapon yet unleashed.” Kaspersky can say this because the malware is so complex, and its targets and distribution so specific, that there can be no doubt that this malicious code is the product of state sponsorship and high-level programming and security expertise. Flame’s code is huge, and it combines the features of a worm, a trojan, and a backdoor. It also replicates selectively, only upon the command of its remote operator. Kaspersky’s analysts admit that Flame is very hard to analyze because of its complexity.
According to CERT, Flame has a specific geographic target and is aimed at collecting information on the operations of certain states like Israel, Syria, Lebanon, Iran, and others. CERT says it suspects Flame’s creators are systematically looking for all types of intelligence: discussions, messages, documents, emails, and other sensitive information. However, the security group said that, unlike Stuxnet, the malware is not targeting specific industries. This leads them to believe that it is general-purpose espionage software rather than malware built for a specific attack.