Iran readies anti-virus for 'Flame' spy malware

Iran readies anti-virus for 'Flame' spy malware

ISTANBUL- Hürriyet Daily News
Iran readies anti-virus for Flame spy malware Iran claimed on Tuesday to have come up with an anti-virus programme against "Flame," extraordinarily sophisticated malware that hit its servers and deployed various spying modules, apparently at the behest of a foreign power.

"Tools to recognise and clean this malware have been developed and, as of today, they will be available for those (Iranian) organisations and companies who want it," Maher, a computer emergency response team coordination centre in Iran's telecommunications ministry, said on its website.

Flame, a crafty volume of code that can steal files, take screenshots, activate computer microphones to record conversations, log keystrokes and carry out other activities controlled remotely, was identified this week by leading anti-virus firms around the world.

Maher said Flame was undetectable by 43 different anti-virus programmes it tested, forcing it to come up with its own defence after "months of research." It did not give details of how its Flame-killer worked.

Iran appeared to be the main target of the worm-like malware, though it was also detected in other regions, including Israel and the Palestinian Territories, Sudan and Syria.

The virus hit Iran's oil ministry servers in April, forcing authorities to shut them down.

"Experts from Maher... have said that the theft of large volumes of data in recent weeks was caused by Flame," the Fars news agency reported.

Iran's foreign ministry spokesman, Ramin Mehmanparast, hinted that Israel could be behind the attack.

"It's in the nature of some countries or illegitimate regimes to produce viruses and hurt other countries. We hope that these viruses are knocked out and no one gets hurt," he told reporters in his weekly briefing.

Iran readies anti-virus for Flame spy malware
Map showing the number and geographical location of Flame infections detected by Kaspersky Lab on customer machines. Courtesy of Kaspersky

Use of Flame virus to deter Iran 'reasonable': Israel

For anyone facing the threat of a nuclear Iran, using cyberweapons such as the newly-discovered destructive virus known as Flame, would be a "reasonable" step, Israel's vice prime minister said on Tuesday.
 
"For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to damage it," Strategic Affairs Minister Moshe Yaalon told Israel's army radio on Tuesday, just hours after the virus was discovered by Kaspersky Lab.
 
"Israel is blessed with being a country which is technologically rich, and these tools open up all sorts of possibilities for us," he said.
 
Late on Monday, Kaspersky Labs, a top Russian anti-virus firm said it had uncovered a new virus with unprecedented destructive potential, which was being used as a "cyberweapon" against several countries.
 
Kaspersky said the virus was several times larger than the Stuxnet worm that was discovered in June 2010 and used against the Iranian nuclear programme, with Israel widely suspected of involvement along with Western security agencies.
 
Flame is "actively being used as a cyber weapon attacking entities in several countries," a Kaspersky statement said, describing its purpose as "cyberespionage."

20 times larger than Stuxnet
 
"The complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date," it added.
 
It did not mention which country the virus was aimed at, but said the investigation began following complaints from the U.N.'s International Telecommunication Union about a piece of malware named Wiper, which was deleting sensitive information across the Middle East.
 
The malware code itself is 20MB in size - making it some 20 times larger than the Stuxnet virus.

According to Western media reports, Flame has been used to attack the Iranian oil ministry and Iran's main oil export terminal.

Kaspersky said Flame had been "in the wild" for more than two years, since March 2010. Officials with Symantec Corp and Intel Corp McAfee security division, the top 2 makers of anti-virus software, said they were studying Flame.
 
"It seems to be more complex than Duqu but it's too early to tell its place in history," said Dave Marcus, director of advanced research and threat intelligence with McAfee.
 
Most complex malicious software

Symantec Security Response manager Vikram Thakur said his company's experts believed there was a "high" probability that Flame was among the most complex pieces of malicious software ever discovered.
 
There is some controversy over who was behind Stuxnet and Duqu. Some experts suspect the United States and Israel, a view laid out in a January 2011 New York Times report that said they came from a joint program begun around 2004 to undermine what they said were Iran's efforts to build a bomb.
 
The U.S. Defense Department, CIA, State Department, National Security Agency, and U.S. Cyber Command declined to comment.
 
Hungarian researcher Boldizsar Bencsath, whose Laboratory of Cryptography and Systems Security first discovered Duqu, said his analysis showed that Flame may have been active for at least five years, perhaps even more than eight years.
 
That implies it was active long before Stuxnet.
 
"It's huge and overly complex, which makes me think it's a first-generation data gathering tool," said Neil Fisher, vice president for global security solutions at Unisys Corp. "We are going to find more of these things over time."
 
Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack was very significant. "This is basically an industrial vacuum cleaner for sensitive information," he told the BBC. He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated. "Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."
 
Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.

Compiled from AFP, Reuters and BBC stories by the Daily News staff.

Quark.Models.Entities.Ancestor?.Title?.ToUpperInvariant() UN calls for inquiry into mass graves at Gaza hospitals

UN calls for inquiry into mass graves at Gaza hospitals
LATEST NEWS

  1. UN calls for inquiry into mass graves at Gaza hospitals

    UN calls for inquiry into mass graves at Gaza hospitals

  2. Ministry seizes 20 tons of illegal pesticide

    Ministry seizes 20 tons of illegal pesticide

  3. Short-term external debt at $174 billion

    Short-term external debt at $174 billion

  4. Caretta caretta season starts in country’s west

    Caretta caretta season starts in country’s west

  5. Türkiye calls for greater anti-terror solidarity with Germany

    Türkiye calls for greater anti-terror solidarity with Germany
Recommended
Turkish delight carried into the future

Turkish delight carried into the future
Adored ostrich dies after swallowing keys

Adored ostrich dies after swallowing keys
Ankaras Sümela Monastery: Alicin Geosite

Ankara's Sümela Monastery: Alicin Geosite
In world first, Venice to trial day tickets

In world first, Venice to trial day tickets
Irish artists urge Eurovision entrant boycott over Israel

Irish artists urge Eurovision entrant boycott over Israel
Rock & Roll Hall of Fame announces 2024 class of inductees

Rock & Roll Hall of Fame announces 2024 class of inductees
Istanbul Cinema Museum celebrates Devrim Erbil’s 60th year

Istanbul Cinema Museum celebrates Devrim Erbil’s 60th year
WORLD UN calls for inquiry into mass graves at Gaza hospitals

UN calls for inquiry into mass graves at Gaza hospitals

The United Nations has called for “a clear, transparent and credible investigation” of mass graves uncovered at two major hospitals in war-torn Gaza that were raided by Israeli troops.
ECONOMY Short-term external debt at $174 billion

Short-term external debt at $174 billion

Türkiye’s short-term external debt stock recorded $173.6 billion at the end of February, indicating a decrease of 0.9 percent compared to the end of 2023.
SPORTS Tour of Türkiye embarks on 8-stage journey

Tour of Türkiye embarks on 8-stage journey

The 59th Presidential Cycling Tour of Türkiye (TUR) kicks off on April 21 in the Mediterranean resort city of Antalya with the participation of 25 professional cycling teams.