MOSCOW: A Russian computer firm has discovered a new computer virus with unprecedented destructive potential that chiefly targets Iran and could be used as a “cyber weapon” by the West and Israel.
Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said its experts discovered the virus – known as Flame – during an investigation prompted by the International Telecommunication Union.
Iran appears to have been the main target of the attack and the announcement comes just a month after the Islamic Republic said it halted the spread of a data-deleting virus targeting computer servers in its oil sector.
Kaspersky said the virus was several times larger than the Stuxnet worm that was discovered in 2010 and targeted the Iranian nuclear program, reportedly at the behest of Western or Israeli security agencies.
It said the main task of Flame is cyber espionage, meaning it steals information from infected machines including documents, screenshots and even audio recordings. It then sends the data to servers all over the world.
Flame is “actively being used as a cyber weapon attacking entities in several countries,” Kaspersky said in a statement late Monday. Flame is “one of the most advanced and complete attack-toolkits ever discovered.”
“The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date,” it added.
The origin of the Stuxnet worm has never been made clear but suspicion has fallen on the United States and Israel which both accuse Iran of seeking to build an atomic weapon.
The chief security expert at Kaspersky, Alexander Gostev, said that Iran was the country worst affected by Flame followed by the Palestinian Territories, Sudan, Syria and Lebanon.
“The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it,” he said in an analysis article.
He said that the aim of the virus was clearly to “collect information” on the operations of states in the Middle East such as Iran, Lebanon and Syria.
However, like Stuxnet and another previous superworm Duqu, “its authors remain unknown,” he said.
“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists,” he added.
Without giving any indication that Israeli spy agency Mossad could be involved in Flame, Israel’s Strategic Affairs Minister Moshe Yaalon said such cyber weapons were an important part of the arsenal of Iran’s enemies.
“For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to hobble it,” he told army radio.
“Israel is blessed with being a country which is technologically rich, and these tools open up all sorts of possibilities for us.”
Iran swiftly claimed to have come up with an anti-virus program against Flame. “Tools to recognize and clean this malware have been developed,” Maher, a computer emergency response team in Iran’s telecommunications ministry, said on its website.
Iran in April said it had set up a crisis committee to combat a mystery cyber attack which hit computers including ones running its main oil export terminal on Kharg Island.
Kaspersky’s Gostev said it was alarming that the cyber attack was now in its active phase.
“Its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals.”
According to Laurent Heslault, security chief of the Symantec firm which makes Norton computer protection software, it is likely that Flame was being used for “highly targeted” attacks.
“The computers affected can be counted by the dozen, maybe hundreds, but no more than that. [It] ... is clearly sponsored by someone with means.”