(Reuters) – Researchers may have gleaned new information about the extent to which nations are engaged in cyber warfare with the discovery of a virus known as Flame.
Kaspersky Lab, which on Monday claimed credit for uncovering Flame, believes the virus may be the work of the same nation or nations that built the Stuxnet worm that attacked Iran‘s nuclear program in 2010.
Here are five key facts about Flame, according to researchers with Kaspersky Lab:
Complexity: It is one of the most sophisticated pieces of malicious software ever discovered. It has about 20 times as much code than Stuxnet. It is built with some 20 modules – researchers still don’t understand the full purpose of most of them.
Breadth: It is the most complete data-stealing tools found to date. It can record sounds, access Bluetooth communications, capture regular screenshot images and log Internet Messaging conversations.
Network: The creators of the virus used a network of some 80 servers across Asia, Europe and North America to remotely access infected machines. They can change settings on personal computers and quietly gather the stolen data. It is the largest such Command and Control network identified to date.
Victims: The largest number of infected computers were found in Iran, followed by Israel and the Palestinian territories. The virus also turned up in Sudan, Syria, Lebanon, Saudi Arabia and Egypt. Kaspersky researchers estimate that altogether between 1,000 and 5,000 machines were infected worldwide.
Perpetrator: Kaspersky researchers decline to say which nation or nations they believe are behind Flame. The creators of Stuxnet and Flame employed similar techniques to infect computers, which suggests that they were “parallel” projects backed by the same nation state.
More: Kaspersky Lab has published a FAQ on Flame: bit.ly/JOWzE
Hungary’s Laboratory of Cryptography and System Security has released a technical paper, which is available at http://www.crysys.hu/skywiper/skywiper.pdf
(Jim Finkle)
Related posts:
Views: 0