THE CYBER SECURITY world is alight with reports about Flame, cyber espionage spyware that targets Iranian computers.
Flame, the Flamer, or the Flame, depending on where you read about it, is the subject of a report from the Iranian Computer Emergency Response Team (CERT) security group, where it is described as a new variant of malware with similarities to Stuxnet and Duqu.
Iran's CERT said that the malware is spread through local area networks (LANs) and removable media and is capable of network sniffing, detecting network resources and scooping up passwords.
"The name 'Flamer' comes from one of the attack modules, located at various places in the decrypted malware code," said the Iranian CERT advisory.
"In fact this malware is a platform which is capable of receiving and installing various modules for different goals."
It can screen grab passwords, transfer data to control servers and infect large-scale local networks that run Windows XP, Windows Vista and Windows 7.
Security firm Kaspersky said that it first spotted the attack in 2010, adding that it represents a bigger threat than its competition and could be "the most sophisticated cyber weapon yet unleashed".
"Flame can easily be described as one of the most complex threats ever discovered. It's big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage," wrote Kaspersky security researcher Alexander Gostev.
"Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master."
Flame is difficult to analyse because it is so complex, said Gostev. "Overall, we can say Flame is one of the most complex threats ever discovered," he explained.
Gostev confirms the Iranian CERT's report that the Trojan is targeting firms in that geography, adding that Flame's motive is to "systematically collect information on the operations of certain nation states in the Middle East, including Iran, Lebanon, Syria, Israel and so on".
"It looks like the creators of Flame are simply looking for any kind of intelligence - e-mails, documents, messages, discussions inside sensitive locations, pretty much everything," he added.
"We have not seen any specific signs indicating a particular target such as the energy industry - making us believe it's a complete attack toolkit designed for general cyber-espionage purposes."