Fox News on May 29, 2012, reported that the most sophisticated and powerful cyberweapon to date — a Swiss Army Knife spy tool that can evolve and change to deal with any situation — has been discovered on the loose in several Middle Eastern countries, security researchers said. Excerpts below:

The Worm.Win32.Flame threat, or “Flame” for short, was likely built by the same nation-state responsible for the Stuxnet virus that targeted Iran’s nuclear power plant in 2010. But this new weapon is twenty times the size of that cyberbomb and far more powerful, making it practically an army on its own, said Roel Schouwenberg, a senior security researcher with Kaspersky Labs.

“Flame is a cyberespionage operation,” he told FoxNews.com.

Its prime goal: capturing data from a machine. To accomplish that task, this unusually large and complex espionage tool is made up of several modules designed to accomplish specific tasks, explained Liam O Murchu, operations manager with Symantec Security Response.

Flame can grow and change, too: What makes this cyberweapon so powerful is the ability to be reconfigured with new modules that turn an infected PC or industrial control system into whatever tool a spy dreams up.

One module makes it a secret tape recorder, using the computer’s microphone to record nearby conversations. One makes it a radio, using a wireless Bluetooth connection to receive fresh commands and suck the address books out of nearby cell phones. One may turn it into a shredder, chewing through hard drives — as the Wiper virus did to Iran’s computers.

Indeed, certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry, Symantec’s experts noted.

“Our current working theory is that Flame and Stuxnet were parallel projects,” Schouwenberg told FoxNews.com. “Whoever commissioned Stuxnet also commissioned Flame.”

That cyberattack was very specific, however, while the Flame attack is broad, having been detected in more than half a dozen countries already: Hungary, Iran, Lebanon, Austria, Russia, Hong Kong, and the United Arab Emirates, as well as the Palestinian West Bank.

Researchers said it will take months if not years to fully dissect the massive program, which uses a database to store information rather than a simple text file — one more clue to the scope of the cyberspying.

“It’s very clear that there’s a lot of development in this area, every government is allocating more resources to cyberoffense. But can we call it a war? I’m not sure.”

Detecting these and other incidents becomes harder as the coders become more clever. Schouwenberg said that one Flame module is an incredibly savvy uninstaller, which lets the cyberweapon carefully extract itself from a computer before buffing the insides to clean

