Powerful "Flame" cyber weapon found in Iran

Powerful "Flame" cyber weapon found in Iran

www.reuters.com

(Reuters) - Security experts have discovered a highly sophisticated computer virus in Iran and other Middle East countries that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage.

Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that claimed responsibility for discovering the virus.

(visit the link for the full news article)

A Cyber weapon they say that was "just recently" discovered what makes this interesting is they just now "found" it.

So it sat there for 5 years,and no one ever noticing, rather odd to say the least. What they are saying is "flame" was created by the same people of Stuxnet, or close to it.

Another interesting part to this little story is Kaspersky Lab,a Russian antivirus manufacture claimed responsibility for discovering the virus.

So now if one remembers Russian technicians who have been aiding Iran in the race for nuclear "power", who has been there during this whole time.

Now if people put two and two together that makes this conspiracy.

The creators of flame and stuxnet and that "State" responsible for all Irans woes is those very people who have been claiming to be helping them,

Now if true,the common theories of who has been behind them being the evil US and Israel can now be put to rest.

Note the above is my own person opinion of the news article,and that is all it is.

www.reuters.com
(visit the link for the full news article)

reply to post by neo96


and why would the russians be sabotaging iran, an ally, to help the u.s. and israel, enemies, out of the goodness of their hearts.

the only incentive is money and oil.

why is the u.s. broke, because it has to give away billions to countries like russia for help.

reply to post by neo96


Good find. S+F.

I'd like to add this to the equation.

www.bbc.co.uk...

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Israel AND Iran.

Israel and the US Cyber Command were the ones who commissioned STUXNET.

It's the ONLY logical answer to how such a sophisticated, self replicating, "learning" virus got out and first attacked high value targets in middle eastern countries.

This new "virus" is only phase 2 I assume of an attempt to lock down all technology in the area and make sure that the people who made it ( in this case I assume Isael and the US) have total control over information on those networks as well as the ability to remote controll system of interest.

I'm really unsurprised by this news, it was only a matter of time before these nations started "Cyber Terrorism" against each other.

~Tenth

Here's an additional news link Flame: Massive cyber-attack discovered, researchers say

Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

While they're specifically mentioning "government-backed", I don't think there's any reason to exclude corporate involvement either. There's alot of money there, and probably alot of incentives as well.

More links:

www.ynetnews.com...

Researchers at Kaspersky estimated that around 5,000 personal computers around the world have been infected by the virus, Iran being hit the hardest, with 189 infected computers, followed by Israel and the Palestinian territories (98 computers), Sudan (32), Syria (30),Lebanon (18), Saudi Arabia (10) and Egypt (5).

www.telegraph.co.uk...

www.chinapost.com.tw...

If the lab's analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

The discovery by one of the world's largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.

www.valuewalk.com...

reply to post by randomname

and why would the russians be sabotaging iran, an ally, to help the u.s. and israel, enemies, out of the goodness of their hearts.

Read below:

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Maybe:

the only incentive is money and oil.

But the more problems Iran has the more they pay Russia.

I am a bit out of the loop on Stuxnet, but was it ever round in Russia,or China?

reply to post by tothetenthpower

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Why would they infect themselves?

Originally posted by neo96
reply to post by tothetenthpower

 

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Why would they infect themselves?

I'm not saying it is Israel, in fact it could be any massive state at the moment, technology is available to a lot of people. However if it was Israel and they wanted to cover their tracks, they could say 'hey look our computers are infected - not us' - Possibly a diversion.

But it could be anyone with enough tech and know-how. Now if it's assumed the stuxnet and Duqu are of the same origin, then it might be worth going through some old threads?

Originally posted by neo96
reply to post by tothetenthpower

 

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Why would they infect themselves?

Why would a nation do a test run of it's virus on it's own systems in order to verify that it was effective?

I dunno, in order to be able to see how systems interact with the virus and to create the appropriate fixes to resolving the issue if the virus was used against them as opposed to for them.

Peopel who make virus' test them on their own systems first usually, to make sure that the code is effective; what's the point of releasing a dud that would be picked up and fixed by Kaperski or another large anti-virus manufacturer?

~Tenth

reply to post by mr-lizard


Having the "know how" is something of a understatement.

Duqu and Stuxnet are pretty much the most complex virus' to ever be discovered, the deciphering of their real purposes and extent of infection is still under way and will probably never be known.

Considering it self adapts to it's own environment to circumvent current anti-virus tech;

~Tenth

..and I'll add a bit from PC Magazine..

Massive 'Flame' Malware Stealing Data Across Middle East

Thus far, its been mainly grabbing data, evidently looking for something "sensitive".

Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5).

Kaspersky has not identified any specific organization that Flame is targeting. "From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence - emails, documents, messages, discussions inside sensitive locations, pretty much everything,"

One very interesting thing about this is that while most viruses are small this thing comes in at a whopping 20megs (huge by virus standards).

Kaspersky said Flame is a "sophisticated attack toolkit." It is almost 20MB when fully deployed, which Gostev said makes it "extremely difficult" to analyze.

"The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a LUA virtual machine," he said.

They go on to say this may have been a parallel project to Stuxnet, but possibly created by another group. However, doesn't mean they couldn't come from the same overall effort.

This "weapon" has not been used to "attack" anyone, it gets information, screenshots, audio and even video of the activities of the infected computer.
The weird thing is that apart from Iran, Siria and Lebanon, it has been found in Israel.

Cheers
Jechu

reply to post by tothetenthpower

I dunno, in order to be able to see how systems interact with the virus and to create the appropriate fixes to resolving the issue if the virus was used against them as opposed to for them.

Makes sense but that would if it was the US they would use the same methods on the civilian networks and yet we never noticed, it would have been talked about 24/7.

Peopel who make virus' test them on their own systems first usually, to make sure that the code is effective; what's the point of releasing a dud that would be picked up and fixed by Kaperski or another large anti-virus manufacturer?

Makes sense again,but if was the Us we would have surely noticed I am not ruling out the US completely and since it has been targeted to the middle east, that would make Us the usual scapegoat by misdirection,

IF there is some third party at work it is easy to get your enemies to fight between themselves and then come in and pick up the pieces,which is another possiblity of cyber warfare.

reply to post by neo96


Interesting article and ty for posting. But your interpretation of the whole thing is much different than mine

How the heck did you come up with this?

Now if true,the common theories of who has been behind them being the evil US and Israel can now be put to rest.

What part of that article possibly being true could even remotely support the point you are trying to make?



Talk about a spin bro!

The media needs to be banned from ever, ever using the term "cyber," again. It is nothing other than a sensationalistic means of inducing and encouraging technophobia.

Originally posted by Corruption Exposed
reply to post by neo96

 

Interesting article and ty for posting. But your interpretation of the whole thing is much different than mine.

How the heck did you come up with this?

Now if true,the common theories of who has been behind them being the evil US and Israel can now be put to rest.

Talk about a spin bro!

A theory is not spin and there is nothing saying people had to agree with it besides it is always the evil west when the topic is Iran.

reply to post by mr-lizard


My top 3 suspects are:

1 Russia
2. China
3. US

All 3 have a lot to gain by this and they all can make money by cyber warfare which is next evolution of "war for oil" meaning "cyberwarfare for cash".

Ok assuming the articles relating flame, duqu and stuxnet as being from the same source, a little digging on the origins of duqu / stuxnet mention this:

www.inquisitr.com...

When investigating an earlier variant of the virus, researchers discovered a driver signed in 2007, suggesting that development on Duqu could have begun as early as four years ago.

or five years now.

Also

When digging about the source code of an earlier version for clues on how Duqu works and who made it, Moscow-based Kaspersky Lab discovered an “easter egg” of sorts: a reference to Showtime’s hit television show Dexter.

Why would you do that? Either it's a genuine easter egg (for 'fun') or it's another way of diverting the blame to the west perhaps? What I mean is, I don't imagine many Saudi's watching Dexter for example. (or maybe they do?)

also

www.kaspersky.com...

Duqu is a sophisticated Trojan that was created by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information. Duqu was first detected in September 2011, but according to Kaspersky Lab data, the first trace of Duqu-related malware dates back to August 2007. The company’s experts have recorded over a dozen incidents involving Duqu, with the vast majority of victims located in Iran. An analysis of the victim organizations’ activities and the nature of the information targeted by the Duqu authors clearly suggest the main goal of the attacks was to steal information about industrial control systems used in a number of industries as well as gathering intelligence about the commercial relations of a whole range of Iranian organizations.

Which pretty much proves that Iran was the main target of all three viruses.

The connection between Duqu and Stuxnet was revealed during the analysis of one of the incidents with regard to Duqu. During the investigation of the infected system thought to have been attacked in August 2011, a driver was found that was similar to the one used by one of the versions of Stuxnet. Though there were clear likenesses between the two drivers, there were also some differences in the details, such as the date of signing of the digital certificate. Other files which it was possible to attribute to the activity of Stuxnet were not found, but there were traces of activity of Duqu.

www.kaspersky.com...< br />
also

www.zdnet.com...

Ever since the discovery of the worm, which Microsoft says dates back to January 2009, there has been incessant speculation that Stuxnet is a nation-state attack against Iranian nuclear plants. We’ve heard murmurings of biblical references and public confirmation that the Iran’s Buescher nuclear reactor was the main target.

Now comes O Murchu with this tittilating disclosure suggesting a direct link to Israel. However, security experts are cautioning against reading too much into anything deliberately left in the code by the Stuxnet authors because, at this level, there could be all kinds of decoys and misdirection.

Exactly what I was saying, could be misdirection.

and finally

Symantec security researcher Liam O Murchu (photo above) says he found the “05091979″ date in the Stuxnet code, a possible link to the May 9, 1979 execution of Jewish Iranian businessman and philantropist Habib Elghanian.