
Iran Discovers World's Most Sophisticated Virus

longbrained (Senior Member; joined Mar 28, 2011)
Iran uncovers Stuxnet-style Flame attack




Iran claims to have uncovered a new high-profile malware attack targeting its IT systems called Flame, following on from the Stuxnet and Duqu attacks dating back to 2010.

The Iranian Computer Emergency Response Team (Maher) revealed it had discovered the attack in a statement on its website. Maher claimed it had avoided detection from 43 different anti-virus tools but was now in the process of being removed.

"The name 'Flamer' comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals," the team explained.

"A detector was created by Maher centre and delivered to selected organisations and companies in [the] first days of May. And now a removal tool is ready to be delivered."

Maher said the malware was able to carry out several high-profile functions, including network monitoring, disk scanning, screen capturing, recording sound from in-built microphones and infiltrating various Windows systems. It added that Flame can be passed on via devices such as USB sticks.

The agency hinted that the advanced nature of the attack suggested it could well be the same organisation or group behind previous attacks on Iran's infrastructure.
"According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and targeted attacks," it said.

"The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat."
No-one has ever been identified as launching the previous attacks on Iran but several major nations have been cited as potential antagonists such as Israel.

Kaspersky Labs revealed it helped uncover the Flame malware, having been contacted by the UN’s International Telecommunication Union to help discover why sensitive information was being deleted across the Middle East. In the process, the security vendor discovered Flame, which it said might be the “most sophisticated cyber weapon yet unleashed”.

“Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators,” wrote Kaspersky researcher Alexander Gostev.

“Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyber-espionage.”

Iran uncovers Stuxnet-style Flame attack - IT News from V3.co.uk


Iran targeted by 'Flame' espionage virus

Iran targeted by 'Flame' espionage virus - Telegraph




Iranian computer networks have been targeted by a cyber espionage virus many times more complicated than any malicious software ever seen before, security experts have said.


The virus, named Flame or Skywiper, could only have been created by a state, according to analysts who have investigated it and the pattern of infection.
“The results of our technical analysis support the hypotheses that Skywiper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities,” said Crysys Lab, a unit that investigates computer viruses at Budapest University.

The discovery of Flame/Skywiper, which may have been in circulation for more than five years, offers further confirmation of the secret battle being waged by intelligence agencies online.
Although its purpose is to steal information rather than cause physical damage, Flame/Skywiper is said to be a much more complicated piece of malicious software than Stuxnet, the groundbreaking virus designed to cripple Iranian uranium enrichment.
"Information gathering from a large network of infected computers was never crafted as carefully," Crysys Lab said.

"It covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, WiFi, Bluetooth, USB and system processes."

In their preliminary technical report, the investigators describe unprecedented layers of software, designed to allow Flame/Skywiper to penetrate computer networks undetected. The 20MB file, which infects Microsoft Windows computers, has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more.
Various components of Flame/Skywiper enable those behind it, who use a network of rapidly-shifting “command and control” servers to direct the virus, to turn microphones into listening devices, siphon off documents and log keystrokes.

Eugene Kaspersky, the founder of the Russian anti-virus firm Kaspersky Lab, which has also analysed the virus, noted that “it took us 6 months to analyze Stuxnet. [This] is 20 times more complicated”.

Iran’s Computer Emergency Response Team, Maher, today issued a statement claiming Flame/Skywiper was "a close relation" of Stuxnet, which has itself been linked to Duqu, another complicated information-stealing virus that is believed to be the work of state intelligence. Many experts suspect Stuxnet was created by the United States and Israel.

Crysys Lab said the technical evidence for a link between Flame/Skywiper and Stuxnet or Duqu was inconclusive, however. While they shared many common components, the newly-discovered virus bears little resemblance; for instance Flame/Skywiper does not spread itself automatically but only when hidden controllers allow it.

In its statement, published online, Maher said selected organisations had been given software to detect and remove the newly-discovered virus at the beginning of May.
As well as Iran, Flame/Skywiper infections have been detected in the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
 
.
For those who don't want to read that load of text:
Someone created a virus for Iran's nuclear reactors; he sent it to the world's PCs and especially Iran > Iranian computer experts detected that before it destroyed the cooling system of the Bushehr power plant (nuclear), and at last they cleaned it.
But the person who created this virus knew the Siemens company codes... (Iranian PCs used those codes)
 
.
It is incredibly stupid of Iran to keep using Microsoft Windows. They should have moved to Linux and developed their own anti-virus. Without that they will always be attacked, and everything they say in front of the computer will be listened to by the NSA.

 
.
For those who don't want to read that load of text:
Someone created a virus for Iran's nuclear reactors; he sent it to the world's PCs and especially Iran > Iranian computer experts detected that before it destroyed the cooling system of the Bushehr power plant (nuclear), and at last they cleaned it.
But the person who created this virus knew the Siemens company codes... (Iranian PCs used those codes)

all could have been delivered by previous malware to the creators... or the flame malware itself, as it is designed to deliver various modules for different goals, the virus itself first function could be, record passwords used etc etc etc...

and if america is behind this, as it is most likely made by same creators as stuxnet, and they have been able, even through flame, to receive reports via network monitoring, disk scanning, screen capturing, recording sound from in-built microphones and infiltrating various Windows systems.... then i would say the world better listen to america when it says iran is trying to create nuclear missiles..... usa is pretty serious about it, and they would never admit to such cyber warfare, even to prove their point... but fact remains, they will be in possession of a massive amount of data, images etc etc, and i bet it points to iran creating missiles..
 
.
Massive cyber-attack discovered, Middle East targetted by Flame

Boston: Security experts have discovered a new data-stealing virus dubbed ‘Flame’. Reports say it has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.

It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.

Reuters
Schouwenberg said he did not know who built Flame.

If the Lab’s analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

The discovery by one of the world’s largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.

“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Schouwenberg said in an interview.

The Moscow-based company is controlled by Russian malware researcher Eugene Kaspersky, and gained notoriety in cyber weapons research after solving several mysteries surrounding Stuxnet and Duqu.

Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The full significance will not be known until other cyber security firms obtain samples of Flame.

The Lab’s research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region, then Sudan and Syria.

COMPLEX VIRUS

The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information, Schouwenberg said.

Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.

He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform.

Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.

That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, he said.

Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions.

He estimated that no more than 5,000 personal computers around the world have been infected, including a handful in North America.

Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper was attacking computers in Iran.

The International Telecommunications Union, a U.N. agency that promotes research and cooperation on telecommunications technology, asked Kaspersky Lab to investigate those reports.

Schouwenberg said that his team discovered Flame, but failed to turn up anything that resembled Wiper.

Massive cyber-attack discovered, Middle East targetted by Flame | Firstpost
 
.
we should duplicate this asap. Almost all the Middle Eastern countries were targeted. The Israelis will probably find a way to deal with it but I doubt the khalijees can even discover it without some outsider telling them so it would be an easy spying tool (not that they have much to steal but good nonetheless).

btw, I was reading about this virus on BBC this morning.

Apparently it's 20MB (20 times larger than the Stuxnet virus) and it's designed to take screenshots and record activity of the computer.
 
. .
we should duplicate this asap. Almost all the Middle Eastern countries were targeted. The Israelis will probably find a way to deal with it but I doubt the khalijees can even discover it without some outsider telling them so it would be an easy spying tool (not that they have much to steal but good nonetheless).

btw, I was reading about this virus on BBC this morning.

Apparently it's 20MB (20 times larger than the Stuxnet virus) and it's designed to take screenshots and record activity of the computer.
Are we going to witness a Skynet-like thing in our lives? This possibility scares me.
 
. .
'Flame virus aims to gather intelligence'

Tehran admits being targeted by what could be most sophisticated malware yet; computer experts say only country capable of developing such complex virus

Iranian authorities have admitted that malicious software dubbed Flame has attacked the country, and have given instructions to run an urgent inspection of all computer systems in the country.

While no one knows who is behind "the most sophisticated virus of all times," the bottom line, computer experts say, is that only a state could have developed such a complex virus.

Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.

Moscow-based Kaspersky Lab, one of the world's largest data protection companies, was the first to discover the new malware. However, researchers are still unsure about its scope, because it has about 100 times as much code as a typical virus designed to steal financial information.

Iran hit the hardest
Researchers at Kaspersky estimated that around 5,000 personal computers around the world have been infected by the virus, Iran being hit the hardest, with 189 infected computers, followed by Palestinian territories (98 computers), Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10) and Egypt (5).

The researchers further estimated that the virus was developed by a country that allocated a significant budget for its development, which might be linked to cyber warfare.

"Unlike the Stuxnet virus that attacked in Iran, this is a spyware that doesn't disrupt or terminate systems," Professor Yitzhak Ben Yisrael, the former head of the Administration for the Development of Weapons and the Technological Industry said.

According to Ben Yisrael, while the source of the software is unknown, "its aim is clear – collecting intelligence." The professor added that the spyware acts like a worm, jumping from one computer to another, and that it is impossible to locate the destination of the data that was copied.

Another expert noted that the virus was extremely invasive, and was not created by a bored teenager, but rather by a sophisticated programmer.


Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.

That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame.


:partay::partay:
 
.
Guys, I think Windows and Microsoft are declining, am I right? I say this because of this new gizmo, the tablet computer; it uses what they call Android OS, so tomorrow we would see fewer laptops and desktops that depend on Windows. Also, with increasing numbers of people using Linux, the fortune of Microsoft is declining. Now, this is the first time I know nuke plants use Windows???!!!
 
.
Only if DirectX worked with Linux.
By the way, another matter is that if the masses move toward Linux then the virus writers will simply change their target to Linux instead of Windows.
 
.
Guys, Linux is not affected by viruses, but by other malware, yes (worms, etc., and especially rootkits).
 
.
Iran finally learned how to use Kaspersky antivirus. At this rate they could learn the proper use of Photoshop by 2017 and programs which block unauthorised usb drives by 2023.

It is incredibly stupid of Iran to keep using Microsoft Windows. They should have moved to Linux and developed their own anti-virus.
You are simply an unbelievable lamer. Open source code OS is much MORE vulnerable to viruses.
 
.
Iran finally learned how to use Kaspersky antivirus. At this rate they could learn the proper use of Photoshop by 2017 and programs which block unauthorised usb drives by 2023.


You are simply an unbelievable lamer. Open source code OS is much MORE vulnerable to viruses.

Genius Israeli, Unix-like OS's can NOT be affected by any VIRUS. Learn a bit about how permissions work on Linux and don't make people laugh.
 
.
