May 30, 2012, 3:07 PM — A frightening computer virus called Flame is on the loose in Iran and other parts of the Middle East, infecting PCs and stealing sensitive data. Now, the United Nations' International Telecommunications Union warns that other nations face the risk of attack.
But what is Flame, exactly, and is it cause for concern among ordinary PC users? Here's what you need to know about what Kaspersky calls "one of the most complex threats ever discovered."
Flame Virus: The Basics
Kaspersky describes Flame as a backdoor and a Trojan with worm-like features. The initial point of entry for the virus is unknown -- spearphishing or infected websites are possibilities -- but after the initial infection, the virus can spread through USB sticks or local networks.
Flame is meant to gather information from infected PCs. As Kaspersky's Vitaly Kamlyuk told RT, the virus can sniff out information from input boxes, including passwords hidden by asterisks, record audio from a connected microphone and take screenshots of applications that the virus deems important, such as IM programs. It can also collect information about nearby discoverable Bluetooth devices. The virus then uploads all this information to command and control servers, of which there are about a dozen scattered around the world.
The virus is reminiscent of the Stuxnet worm that wreaked havoc on Iran in 2010, but Kaspersky says Flame is much complex, with its modules occupying more than 20 MB of code. "Consider this: it took us several months to analyze the 500K code of Stuxnet. It will probably take year to fully understand the 20MB of code of Flame," the firm said.
What Are Flame's Origins?
Flame has been in the wild since 2010, according to Kaspersky, but its creation date is unclear. The virus was discovered a month ago after Iran's oil ministry learned that several companies' servers had been attacked. That finding led to more evidence of attacks on other government ministries and industries in Iran.
Iran has claimed that the attacks also wiped the hard drives of some machines, but Kaspersky claims that the malware responsible, called Wiper, isn't necessarily related. Wiper attacks were isolated to Iran, while Flame has been found in other countries.