Skip to: Content
Skip to: Site Navigation
Skip to: Search


Horizons

The Middle East fights the Flame, but virus spreads anyway

Flame virus has infected more than 1,000 Windows-powered computers across the Middle East, according to reports.

By / June 6, 2012

This file photo shows the Maroun Petrochemical plant in southwestern Iran. In September 2011 engineers took the plant -- and Iran's oil ministry -- offline in response to a computer virus. Flame, a new virus, doesn't seem to be targeting any specific industry, but it is mining data from infected computers in Iran and other parts of the Middle East.

Vahid Salemi/AP/File

Enlarge

Iranian IT workers just can't catch a break.

Skip to next paragraph

Writer

Jeff began writing for the Monitor's Horizons blog in 2011, covering product news and rumors, innovations from companies like Apple and Google, and developments in tech policy.

Recent posts

Two years ago there was Stuxnet, a virus that targeted Iranian uranium-enrichment infrastructure. Now Flame, a mutating piece of malware, is continuing to spread, infecting more than 1,000 Windows-powered computers across the Middle East. It's centered on Iran, but has also spread to Israel and Palestine, Saudi Arabia, Syria, and even Sudan.

Although Flame was first discovered about two weeks ago, it's still not clear who is behind the software. Last week the New York Times quoted an Iranian cyberdefense official who said the virus's encryption looked like Israel's handiwork. Kaspersky Lab, a Russian antivirus company, said Flame might have been created by the same contractors who were responsible for Stuxnet, working with a different team of programmers. Flame is a targeted virus, just as Stuxnet was, but while the latter was aimed at industrial control systems, Flame doesn't appear to be targeting any particular industry or system -- just Windows PCs in the Middle East.

Flame makes use of what are called "zero-day" vulnerabilities: flaws in software (in this case, the Windows 7 operating system) that no one else knew about. One of the ways Flame spreads is by faking the Windows Update dialog: it tricks the user into downloading an "update," when really they're receiving malware from another infected machine. This vulnerability allows Flame to infect even computers with recent Windows security patches. On Monday Microsoft announced that it had fixed the fake-update bug, and told users that the update would protect from further infection.

Flame is a huge virus -- 20 megabytes of various modules, databases, and varying levels of encryption. It's 40 times larger than Stuxnet, and it's been operating for at least two years without having been detected. So far researchers have a pretty good idea of what it's designed to do -- steal and transmit information from infected machines -- but because it contains so much code, it will take years to fully analyze. So far we know it can activate a computer's built-in microphone to record Skype conversations, siphon contact information from an address book, and transmit screenshots of user activity.

Here's the funny thing, though: many of Flame's modules aren't turned on by default -- they appear to be included in the program to give attackers more options after it's is installed. For example, in addition to the bogus update dialog, the virus has the capability to spread itself through infected USB drives or through a shared printer. But computers with up-to-date antivirus software would be able to detect and prevent this tactic, so Flame first checks to see whether it's running on a patched system, and won't attempt to spread through these methods if it is. Researchers think this low-profile design is what has allowed the virus to operate quietly since 2010.

In spite of its fairly conventional data-theft tactics, the consensus is that it's the work of a nation-state rather than just a group of programmers -- Finnish security firm F-Secure said that it was "most likely launched by a Western intelligence agency." So it may be another indication of the role that cyberwarfare will play in future conflicts.

For more tech news, follow us on Twitter @venturenaut.

Permissions

Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Endeavor Global, cofounded by Linda Rottenberg (here at the nonprofit’s headquarters in New York), helps entrepreneurs in emerging markets.

Linda Rottenberg helps people pursue dreams – and create thousands of jobs

She's chief executive of Endeavor Global, a nonprofit group that gives a leg up to budding entrepreneurs.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!