May 29, 2012, 6:17 PM — The malware known as 'Flame,' that was described by the analysts who discovered it as a super-cyberweapon, is actually a tool for cyberespionage that has been running inside Iranian data centers and labs for as long as five years without being discovered or causing significant damage.
Contrast that with Stuxnet, an app designed to create damage and mayhem, which still hung around high-security facilities for a year or more, futzing with the speeds and sequencing of centrifuges refining nuclear fuel into weapons-grade material.
Contrast it, for that matter, with Windows, which causes huge disruptions every time a new version, a new Service Pack or even a significant set of new patches comes out (let alone when Windows-based malware helps someone steal data from usually not-so-secret installations), and you have a good case for stealth as a design goal.
Flame is no micro-app with little potential for bugs or mis-coding, either.
Kaspersky Lab discovered Flame a few weeks ago but released a report on it only Monday, naming the threat Flame after a module within the package and estimating that it could have taken as long as two years to spread, undetected, to the thousand or so machines it infected.
Hungary-based CrySys Labs, which calls the malware skyWiper, estimates it may have been around as long as five years.
The interesting thing (ok, another interesting thing) about Flame is that it is designed to use any resource available to swipe information from disk, keyboard or even conversation near an infected computer.
"It covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, WiFi, Bluetooth, USB and system processes," according to CrySys' own report on the malware.
One module turns on an infected machine's microphone to record Skype conversations; another scans for names and contact lists on nearby Bluetooth devices; a third takes screenshots of what the user is doing every minute or so, sending the images and data home via an SSL-encrypted connection to its control servers.
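The screenshot module's behaviour, a capture roughly every minute shipped out over SSL, is exactly the kind of thing an encrypted channel hides from payload inspection but not from timing analysis. The following is an added example, not code from the article, Kaspersky Lab or CrySyS: a small periodic-beacon heuristic run over constructed flow records (timestamp, source, destination, port, bytes). It flags source/destination pairs whose connections recur at a near-constant interval. The record layout, the thresholds and the sample addresses are assumptions for illustration; this is a generic detection idea, not a Flame signature.

```python
"""Periodic-beacon heuristic over constructed flow records.

Added example, not code from the article or from Kaspersky Lab / CrySyS.
It flags (source, destination, port) series whose outbound connections
recur at a nearly constant interval, the pattern a screenshot-every-minute
exfiltration channel would leave in NetFlow or proxy logs. The payload is
encrypted and opaque, so only timing and volume are used. The record
format, thresholds and addresses below are assumptions for illustration.
"""
from collections import defaultdict
from statistics import mean, median, pstdev

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes_out).
# Host 10.0.0.5 reaches 203.0.113.10:443 every ~60 s with a few seconds of
# jitter and a consistent ~50 KB upload (a screenshot-sized blob); host
# 10.0.0.7 is ordinary, irregular browsing to a different server.
FLOWS = [
    (1000, "10.0.0.5", "203.0.113.10", 443, 48_200),
    (1061, "10.0.0.5", "203.0.113.10", 443, 51_900),
    (1119, "10.0.0.5", "203.0.113.10", 443, 47_600),
    (1180, "10.0.0.5", "203.0.113.10", 443, 50_100),
    (1241, "10.0.0.5", "203.0.113.10", 443, 49_300),
    (1299, "10.0.0.5", "203.0.113.10", 443, 52_000),
    (1003, "10.0.0.7", "198.51.100.20", 443, 3_100),
    (1010, "10.0.0.7", "198.51.100.20", 443, 12_400),
    (1150, "10.0.0.7", "198.51.100.20", 443, 800),
    (1400, "10.0.0.7", "198.51.100.20", 443, 2_200),
    (1405, "10.0.0.7", "198.51.100.20", 443, 9_000),
]


def find_periodic_beacons(flows, min_count=5, max_cv=0.15):
    """Return [(src, dst, port, median_gap_s, mean_bytes)] for connection
    series that recur with low timing variance.

    max_cv is the largest allowed coefficient of variation (population
    stdev / mean) of the gaps between consecutive connections. A timer
    firing every 60 s with a few seconds of jitter scores well under 0.1;
    human-driven traffic is far more irregular.
    """
    series = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        series[(src, dst, port)].append((ts, nbytes))

    hits = []
    for (src, dst, port), recs in series.items():
        if len(recs) < min_count:          # too few samples to judge regularity
            continue
        recs.sort()
        gaps = [later[0] - earlier[0] for earlier, later in zip(recs, recs[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:                   # duplicate timestamps; skip
            continue
        cv = pstdev(gaps) / avg_gap
        if cv <= max_cv:
            hits.append((src, dst, port, median(gaps), mean(n for _, n in recs)))
    return hits


if __name__ == "__main__":
    for src, dst, port, gap, size in find_periodic_beacons(FLOWS):
        print(f"{src} -> {dst}:{port} every ~{gap}s, ~{size:.0f} bytes per connection")
```

Run on the constructed records above, only the 10.0.0.5 series is reported (median gap 61 s, mean upload about 49,850 bytes); the browsing host is rejected because its gaps vary by an order of magnitude. In practice you would feed this from real flow or proxy logs, tune `min_count` and `max_cv` against your own baseline, and treat a hit as a lead to investigate rather than a verdict, since legitimate software (update checks, monitoring agents) also beacons on a timer.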