Sophisticated 'Flame' Malware Discovered

Guest_Jim_* - May 29, 2012 10:19AM in Bugs / Virus

Normally the discovery of a computer virus is not big enough news to warrant coverage by large media outlets, but in the past few years there have been some too important to not cover. First it was Stuxnet, a Trojan of uncertain origin that attacked the nuclear facilities in Iran and destroyed equipment there. Another Trogan named Duqu was found later and it shows a higher level of complexity than Stuxnet, though many believe the two are related. Unlike Stuxnet though, Duqu has not been activated yet, so no one knows what its purpose is, except for those who wrote it. Now another virus has been found and it, like its predecessors, has been found attacking targets in Iran and the Middle East.

As researchers at Kaspersky Lab analyzed Duqu they found it had some coding in it that they were not familiar with. After asking for help from the Internet the solution was found, and it indicated that whoever made the malware is very experienced with programming. This new virus, named Flame, surpasses both Stuxnet and Duqu in complexity and size.

Most computer viruses are small, making it easy for them to go undetected. Duqu and Stuxnet at 500 KB were heavyweights, but Flame comes in at an astounding 20 MB, with one module alone 6 MB in size. Considering the large scope of what Flame can do, this is not entirely surprising. The virus not only is capable of stealing your passwords as it records keystrokes, but it can also activate and record voices with a computer's microphone, take screenshots, monitor network traffic, and communicate with BlueTooth devices.

This level of complexity has led every research group that has analyzed it to the same conclusion about Flame's origin. The virus was likely written by a nation-state because the level of expertise required for this piece of malware would necessitate a large budget. Also, as English text was found in the code, the researchers believe it was created by native English speakers. Both Duqu and Stuxnet are alleged to have been made by nation-states, but it has not been conclusively proven.