Internet security company Kaspersky Lab announced on Monday that it had uncovered a ‘cyber-espionage worm’ designed to collect and delete sensitive information, primarily in Middle Eastern countries.Kaspersky called the malware, named ‘Flame,’ the ‘most sophisticated cyber-weapon yet unleashed.’ It said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. The company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.
On its blog, Kaspersky called Flame a ‘sophisticated attack toolkit,’ adding that it was much more complex than Duqu, the vehicle used to deliver Stuxnet.
The Stuxnet bug, discovered in June 2010, targeted primarily Iranian computers. Iran admitted that the worm damaged centrifuges operating at an uranium enrichment facility at Nantaz.
Kaspersky’s chief malware expert Vitaly Kamluk said that more than 600 specific targets had been hit by Flame, including computers owned by individuals, businesses, academic institutions and government systems.
Kamluk said he believed the malware had been operating at least since August 2010, and probably earlier, adding that there was ‘no doubt’ that it was developed by a state.
Symantec, another Internet security firm, said on its blog that the bug’s code was on par with that of Stuxnet and Duqu, which it described as ‘arguably the two most complex pieces of malware we have analyzed to date.’
It also said that certain file names in Flame were identical to those described in a hacking incident in April involving the Iranian oil ministry.
According to the firm, the worm had been operating discreetly for at least two years and was likely written by ‘an organized, well-funded group of people working to a clear set of directives.’
Symantec said the virus had also been found in computers in Hungary, Austria, Russia, Hong Kong and the United Arab Emirates.