May 29, 2012, 11:02 AM —
Remember Stuxnet, the malware targeted at the Iranian nuclear industry? Say hello to Flame (Win32.Flame), a 20MB piece of modern cyberwar weaponry.
Detailed by Kaspersky Lab expert Aleks in a Questions and Answers entry on SecureList, Flame is 20 times larger than Stuxnet and has been floating around the Middle East for two years or more. It is "a backdoor, a Trojan, and it has worm-like features," according to Kaspersky, and reports to about 80 command-and-control domains. Various Flame modules can be initialized on infected systems to change the information gathered.
Flame is able to infect a fully patched Windows 7 system, indicating it leverages a zero-day exploit not yet known to security researchers. The complexity and size of Flame indicate the likely developer was a "government-sponsored entity," according to the Wall Street Journal. Other names for Flame are Flamer, Wiper, Viper, and sKyWIper. It may be the "most complex malware ever found," according to a CrySyS Lab report.
Has the cyberwar started?
This is an advanced mechanism employed by a state agency. The article isn't overt, but the implication is clearly that this device is of US origin and purpose. Personally, I'm happy to see the US engaging in this sort of behavior. National Defense with low cost and no lives lost!
Andrew Middleton on wired.com
Parts of it are in Lua. Hmmm.... I'd say that points the finger at China. Lua is the scripting language for World of Warcraft. We tend to see the most sophisticated WOW hacks come out of China.
Marvin Prince on wsj.com
What if it's just a massive game of social engineering? Click here to install the 'FLAME Removal Tool' (really, trust us...). LOL.
Anonymous Coward on theregister.co.uk
Iran's Computer Emergency Response Team announced it has developed software to kill the Flame malware. Do you believe them?