Flame spy virus gets order to self-destruct... linked to Stuxnet
US computer security researchers said overnight that the Flame computer virus that smoldered undetected for years in Middle Eastern energy facilities has gotten orders to vanish, leaving no trace.
Anti-virus company Symantec said in a blog post that late last week, some Flame “command-and-control servers sent an updated command to several compromised computers.”
“This command was designed to completely remove (Flame) from the compromised computers.”
Flame malicious software (malware) appears to have been “in the wild” for two years or longer and prime targets so far have been energy facilities in the Middle East, especially in Iran.
The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services to steal information about Iran’s controversial nuclear drive.
Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said the Flame virus was “about 20 times larger than Stuxnet,” the worm which was discovered in June 2010 and used against the Iranian nuclear program.
High concentrations of computers compromised by Flame were also found in Lebanon, the West Bank and Hungary. Additional infections have been reported in Austria, Russia, Hong Kong and the United Arab Emirates.
Compromised computers included many being used from home connections, according to security researchers who were looking into whether reports of infections in some places resulted from workers using laptops while traveling.
While the components and tactics of Flame were considered old-school, the gigantic virus’s interchangeable software modules and targeted nature were evidence that malware is a potent weapon in the Internet era.
The Flame computer virus which has been raging in the Middle East has strong links to Stuxnet, a malware program widely believed to have been developed by the United States or Israel, a security firm said Monday.
Kaspersky, the Russian computer security firm credited with discovering Flame last month, said its research shows the two programs share certain portions of code, suggesting some ties between two separate groups of programmers.
Kaspersky researcher Alexander Gostev said in a blog post that a first examination made it appear the two programs were unrelated.
“But it turns out we were wrong,” he wrote. “Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.”
Gostev said Flame, even though it was discovered just recently, appears to predate Stuxnet, which was created in 2009.
“By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure,” he said.
“The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet.”
This, he said, points to the existence of “two independent developer teams… (each) developing its own platform since 2007-2008 at the latest.”
So it's actually from before Stuxnet... and then it self-destructs!
Is it possible Stuxnet came from Flame then? This is highly sophisticated stuff... state-based, no doubt.