Meet Flame, son of Stuxnet

Credit: flickr/david.orban

Remember Stuxnet, the malware targeted at the Iranian nuclear industry? Say hello to Flame (Win32.Flame), a 20MB piece of modern cyberwar weaponry.

Detailed by Kaspersky Lab Expert Aleks in a Questions and Answers entry on SecureList, Flame is 20 times larger than Stuxnet and has been floating around the Middle East for two years or more. It is "a backdoor, a Trojan, and it has worm-like features," according to Kaspersky, and reports to about 80 command-and-control domains. Various Flame modules can be initialized on infected systems to change the information gathered.

Flame is able to infect a fully patched Windows 7 system, indicating it leverages a zero-day exploit not yet known to security researchers. The complexity and size of Flame indicates the likely developer was a "government-sponsored entity" according to the Wall Street Journal. Other names for Flame are Flamer, Wiper, Viper, and sKyWIper. It may be the "most complex malware ever found," according to a CrySyS Lab report.

Has the cyberwar started?

my bet would be the Chinese, they are not overly friendly with any country in the middle east, and this virus seem aimed at everyone in that part of the world.

David 164 on

The Chinese already have an army of western servers under their control, silently. Their intent in doing this is unknown, as is the number of compromised servers.

jcollake on

This is an advanced mechanism employed by a state agency. The article isn't overt, but the implication is clearly that this device is of US origin and purpose. Personally, I'm happy to see the US engaging in this sort of behavior. National Defense with low cost and no lives lost!

Andrew Middleton on


Parts of it are in Lua. Hmmm.... I'd say that points the finger at China. Lua is the scripting language for World of Warcraft. We tend to see the most sophisticated WOW hacks come out of China.

Marvin Prince on

I'm getting the distinct impression from the labels, filenames etc. used in the code that this is put together by native English speakers. Competent ones, at that.

Dom 3 on

Lua was used as a fast way to write code that could be used on both iOS and Android platforms.

ian hickey on

Security advice

If you want security, use a pencil, paper, and a safe.

Chris King on

What if it's just a massive game of social engineering? Click here to install the 'FLAME Removal Tool' (really, trust us...). LOL.

Anonymous Coward on

It's getting to the point where you need to restore a pristine disk image at least once a week. Or for the truly paranoid, use a Live CD.

Trashreader on

Iran's Computer Emergency Response Team announced it has developed software to kill the Flame malware. Do you believe them?

For the latest IT news, analysis and how-tos, follow ITworld on Twitter, Facebook, and Google+.

Now read this:

Developer declares 'I am done with the Freemium Business Model'

Khan Academy offers JavaScript as their first computer language

Study says Facebook profile can predict job performance

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon