Kaspersky Lab announced the uncovering of the malicious threat during an investigation prompted by the International Telecommunication Union
This malware is believed to be "in the wild" for over 2 years. The company has said it has been out there at least since March 2010. Flame is also said to be "around 20 times larger than Stuxnet." It is described
as being capable of stealing "valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations."
The company said the Flame's "complexity and functionality" exceeds all other malware known to date, which is why no anti-virus software had picked it up. It was uncovered during an investigation into another malware. That investigation, according to Kaspersky, was prompted after a destructive malware program had been deleting data on numerous computers in Western Asia; researchers were still in the midst of this investigation when Flame was uncovered.
Alexander Gostev, Chief Security Expert at Kaspersky Lab, noted in the company's news release
“The preliminary findings of the research, conducted upon an urgent request from ITU, confirm the highly targeted nature of this malicious program. One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals.”
Kaspersky products detect this program as Worm.Win32.Flame, and has been categorized as a "super cyber-weapon." It was said that Flame is targeting specific computers and is being aligned with powerful malware, such as Stuxnet
, which had previously made headlines in 2010.
“The risk of cyber warfare has been one of the most serious topics in the field of information security for several years now," said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab. "Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide. The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”
The authors of Flame are currently not known, but it is strongly suspected to have been written by a state intelligence agency; no indicators as to who might be behind its creation. The company has outlined
the biggest targets, which appear to be focused in the Middle East.
Kaspersky has noted the company is conducting a deeper investigation and says they will have more information to share in the near future. The company did note creation dates of the files were falsified in order to evade future detection.
After Stuxnet was discovered, cyber security experts emphasized that this raised the proverbial bar on computer viruses and changed the dynamics of computer security. This categorization of malware is particularly concerning because it can attack infrastructure
, such as nuclear and water treatment facilities.
Eric Chien, technical director at Symantec's Security Response Unit, had said in Oct. 2010
"I've been dealing with malicious code threats for 15 to 20 years now, I've seen every large sort of outbreak, and we've never seen anything like this," Chien says. "It's fundamentally changed our job, to be honest."
With Flame, it looks as if perhaps even a higher degree of sophistication may have emerged.
The New York Times points out
that if the report's findings are true, this is the third major cyber weapon to be uncovered since 2010.