Tuesday, June 26, 2012
Tuesday, June 5, 2012
Published on May 29, 2012 by RussiaToday A powerful data-snatching virus targeting computers in Iran, Israel and other Middle Eastern countries has been discovered by Russian experts. The worm has been used for years for what seems to be state-sponsored cyber espionage.
ABU DHABI: A sophisticated cyber weapon has been discovered on computers in the UAE and Saudi Arabia, prompting security concerns for energy firms based in the Gulf and industrial plants.
The virus, dubbed “Flame”, is capable of spying on various different computer files, notably those created by industrial engineers.
Flame has largely targeted computer users in Iran in what some experts have suggested is a deliberate attack on the country’s nuclear programme.
But a handful of computers in the Gulf region have also been infected by the virus, or “malware”, according to the Kaspersky Lab, the anti-virus firm based in Moscow that discovered Flame.
“The malware is designed to act like a cyber-espionage kit,” said Stefan Tanase, senior security researcher at Kaspersky. “It’s a tool for spying on users actions.”
Tanase said the Flame virus had been detected on 11 computers in Saudi Arabia, two in both the UAE and Qatar, and one in Bahrain.
While those numbers are small, the cases are significant because fewer than 500 computers worldwide are thought to have been infected with Flame.
The largest rates of infection are in Iran, where the virus has been identified on 189 computers, and the Palestinian Territories, where Kaspersky has detected 98 cases, Tanase said.
Flame can spy on common computer files such as Word documents and those typically used by industrial engineers, said Tanase.
“The attackers can choose which files they want to download,” he said.
Flame has a “very specific interest” in AutoCAD files, which can be used by engineers for industrial projects. Potential targets “could be anything from a power plant to a production facility ... to oil platforms”, Tanase said.
This could mean those controlling the Flame virus could be spying on classified files owned by Middle East energy companies. “If I was working in this industry I would be worried,” said Tanase.
The executive advised such users to scan for Flame infection using anti-virus software. However, he said regular consumers should not be alarmed by the virus because it does not specifically target them. Flame is the latest cyber attack on computer users based in the Middle East.
Two previous viruses, known as Stuxnet and Duqu, are said by some observers to have specifically targeted Iran.
A recent report in The New York Times suggested the United States and Israel were behind the development of the Stuxnet virus, which was designed to cripple Iran’s ability to develop nuclear weapons.
Whoever created the Flame virus made efforts to conceal their identity, said Tanase. “The attackers did a pretty good job of hiding their tracks.”
Flame uses a different coding platform to Stuxnet and Duqu, suggesting it was created by a different team. But Tanase said Flame could be “a parallel project” because all three viruses targeted this region.
“Their aim is clearly the same to do cyber-espionage and cyber-sabotage in the Middle Eastern region,” he said.
Kaspersky has already helped shut down 80 of the computer servers controlling Flame, Tanase said. But other variants of the Flame virus are still out there, he warned.
‘Flame’ virus discovered as new cyber weapon
Ibrahim Husseini, Press TV, Tel Aviv
"Moshe Ya'alon says anyone who sees Iran's nuclear program as a threat will take steps to harm it.
Evidence of the malware was found in Iran, Sudan, Syria, Israel and the occupied Palestinian territories."
Shortly after news of a sophisticated malware dubbed “flame” hit Iran's servers, an emergency response unit at Iran's telecommunications ministry announced that it had come up with an anti-virus program against it.
On Monday, Netanyahu's deputy hinted at an Israeli involvement but was short of assuming responsibility.
One industry expert called the flame malware a masterpiece of programming, sophisticated enough to change its characteristics and develop according to orders. Therefore It is hard to detect because it only acts on an order from a remote computer and is not always active.
Only 15 powers are thought to possess this technology. The US and Israel are among them.
In recent months, the pressure on Iran was stepped up.
Iran has maintained that its nuclear program is strictly civilian. Israel is on the other hand, is not a signatory to treaty on the non-proliferation of nuclear weapons and is thought to possess 200 to 300 nuclear warheads.
The flame virus is the latest known attack in the ongoing cyber warfare by Israel and the West against Iran. Analysts say cyber warfare is one of the three options at the disposal of Israel and West. The other two: a military strike; a dangerous and unlikely option at the moment, or simply allowing negotiations to produce a settlement.