Iran Computers Hit By New Malware: Meet Flame!

Iran Computers Hit By New Malware: Meet Flame!Wired Threat Level introduces newest computer malware: “Flame”. Kaspersky [Lab] discovered the malware about two weeks ago after the United Nations’ International Telecommunications Union asked the Lab to look into reports in April that computers belonging to the Iranian Oil Ministry and the Iranian National Oil Company had been hit with malware that was stealing and deleting information from the systems,” reveals article.  The inevitable tendency is to compare to Stuxnet and DuQu previous malware that likewise attacked Iran computer networks.

Threat Level compares similarities and differences of Stuxnet and DuQu to Flame:

“Stuxnet and DuQu were made of compact and efficient code that was pared down to its essentials. Flame is 20 megabytes in size, compared to Stuxnet’s 500 kilobytes, and contains a lot of components that are not used by the code by default, but appear to be there to provide the attackers with options to turn on post-installation. ‘It was obvious DuQu was from the same source as Stuxnet. But no matter how much we looked for similarities [in Flame], there are zero similarities,’ [chief security expert at Kaspersky Lab, Alexander] Gostev said. “Everything is completely different, with the exception of two specific things.”

“One of these is an interesting export function in both Stuxnet and Flame, which may turn out to link the two pieces of malware upon further analysis, Gostev said. The export function allows the malware to be executed on the system. Also, like Stuxnet, Flame has the ability to spread by infecting USB sticks using the autorun and .lnk vulnerabilities that Stuxnet used. It also uses the same print spooler vulnerability that Stuxnet used to spread to computers on a local network. This suggests that the authors of Flame may have had access to the same menu of exploits that the creators of Stuxnet used.”

Threat Level implies current computer worm, Flame is another large project that requires state backing: “a massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Leave a Reply