‘Flame’, a newly discovered malware attack apparently targeting government organisations in the Middle East, has been described as one of the most complex threats ever found.
According to researchers, Flame is a malware platform capable of supporting multiple functionality modules, including recording audio through the infected PC’s microphone. It can also ‘sniff’ network traffic, take screenshots and record keystrokes, sending all this information back to a command and control server.
Flame was first reported by Iran’s Computer Emergency Readiness Team (CERT), named MAHER, which believes it may lie behind “recent incidents of mass data loss” in the country. MAHER said that it tested 43 anti-virus products, and none were capable of discovering the threat.
According to Kaspersky Lab, Flame has been discovered across the Middle East, suggesting that its purpose is to “systematically collect information on the operations of certain nation states”.
However, Hungarian security research company Crysys, which independently discovered the malware, says there is evidence of it existing in Europe as early as 2007.
Both Kaspersky and Crysys have compared Flame to Stuxnet and Duqu, previous attacks targeted at Iran, due to its complexity and apparent motive.
Crysys wrote that technical differences suggest Flame was not built by the same people as Stuxnet and Duqu. “However, we cannot exclude the possibility that the attackers hired multiple independent development teams for the same purpose, and [Flame] and Duqu are two independent implementations developed for the same requirement specifications.
“This may be an approach to increase the robustness of an operation, which can persist even if one of the two (or more?) implementations is uncovered.