Saturday 2 June 2012

FLAME 100 TIMES MORE COMPLEX THAN TYPICAL HACKING VIRUS

Iran reported substantial damage and huge data loss due to malicious software dubbed Flame. It could be the 3rd most powerful virus after Stuxnet and Duqu. The largest number of infected machines is in Iran, followed by Israel/Palestine, then Sudan and Syria.

The Trojan bug has about 100 times as much code as a typical virus designed to steal financial information. It can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screenshots and log instant messaging chats.

Russian cyber company Kaspersky Lab said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, a 'trojan horse' program which was detected in industrial systems earlier this year.

What are Stuxnet and Duqu?

Stuxnet: A computer worm that spies on and subverts industrial systems. It is notorious for attacking and damaging centrifuges at an Iranian uranium enrichment facility in 2010.

Duqu: Also a computer worm, often linked to Stuxnet. It was named "Duqu" because it gives the prefix "~DQ" to the names of the files it creates.

To better understand the potential of FLAME, let's look at its 5 dimensions:

1. Complexity

2. Breadth

3. Network

4. Victims

5. Perpetrator

Complexity:

One of the most complicated pieces of malicious software ever discovered. Nearly 20 times as much code as Stuxnet. Built with some 20 modules which even the researchers can't fully understand.

Breadth:

Among the most complete data-stealing tools found to date. Can record sounds, access Bluetooth communications, capture regular screenshot images and log instant messaging conversations.

Network:

A network of over 80 servers across the world, used by the FLAME creators to remotely access infected machines. Can change settings on a PC. Can quietly gather the stolen data. Largest such Command and Control network identified to date.

Victims:

The largest number of infected systems was found in Iran, followed by Israel and the Palestinian territories.

Also found in Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

Estimated 1,000-5,000 machines infected worldwide.

Perpetrator:

Kaspersky Lab, which claimed credit for uncovering Flame, believes the virus may be the work of the same nation or nations that built the Stuxnet worm that attacked Iran's nuclear program in 2010. But the Kaspersky researchers declined to say which nation or nations they believe are behind Flame.
