(Reuters) - Security experts have discovered a highly sophisticated computer virus in Iran and other Middle East countries that they believe was deployed at least five years ago to engage in state-sponsored cyber espionage.

Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that claimed responsibility for discovering the virus.

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

Researchers at Kaspersky estimated that around 5,000 personal computers around the world have been infected by the virus, Iran being hit the hardest, with 189 infected computers, followed by Israel and the Palestinian territories (98 computers), Sudan (32), Syria (30),Lebanon (18), Saudi Arabia (10) and Egypt (5).

If the lab's analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

The discovery by one of the world's largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.

and why would the russians be sabotaging iran, an ally, to help the u.s. and israel, enemies, out of the goodness of their hearts.

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

the only incentive is money and oil.

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Originally posted by neo96
reply to post by tothetenthpower

---

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Why would they infect themselves?

Originally posted by neo96
reply to post by tothetenthpower

---

Kaspersky's research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Why would they infect themselves?

Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5).

Kaspersky has not identified any specific organization that Flame is targeting. "From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence - emails, documents, messages, discussions inside sensitive locations, pretty much everything,"

Kaspersky said Flame is a "sophisticated attack toolkit." It is almost 20MB when fully deployed, which Gostev said makes it "extremely difficult" to analyze.

"The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a LUA virtual machine," he said.

I dunno, in order to be able to see how systems interact with the virus and to create the appropriate fixes to resolving the issue if the virus was used against them as opposed to for them.

Peopel who make virus' test them on their own systems first usually, to make sure that the code is effective; what's the point of releasing a dud that would be picked up and fixed by Kaperski or another large anti-virus manufacturer?

Now if true,the common theories of who has been behind them being the evil US and Israel can now be put to rest.

Originally posted by Corruption Exposed
reply to post by neo96

---

Interesting article and ty for posting. But your interpretation of the whole thing is much different than mine.

How the heck did you come up with this?

Now if true,the common theories of who has been behind them being the evil US and Israel can now be put to rest.

Talk about a spin bro!

When investigating an earlier variant of the virus, researchers discovered a driver signed in 2007, suggesting that development on Duqu could have begun as early as four years ago.

When digging about the source code of an earlier version for clues on how Duqu works and who made it, Moscow-based Kaspersky Lab discovered an “easter egg” of sorts: a reference to Showtime’s hit television show Dexter.

Duqu is a sophisticated Trojan that was created by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information. Duqu was first detected in September 2011, but according to Kaspersky Lab data, the first trace of Duqu-related malware dates back to August 2007. The company’s experts have recorded over a dozen incidents involving Duqu, with the vast majority of victims located in Iran. An analysis of the victim organizations’ activities and the nature of the information targeted by the Duqu authors clearly suggest the main goal of the attacks was to steal information about industrial control systems used in a number of industries as well as gathering intelligence about the commercial relations of a whole range of Iranian organizations.

The connection between Duqu and Stuxnet was revealed during the analysis of one of the incidents with regard to Duqu. During the investigation of the infected system thought to have been attacked in August 2011, a driver was found that was similar to the one used by one of the versions of Stuxnet. Though there were clear likenesses between the two drivers, there were also some differences in the details, such as the date of signing of the digital certificate. Other files which it was possible to attribute to the activity of Stuxnet were not found, but there were traces of activity of Duqu.

Ever since the discovery of the worm, which Microsoft says dates back to January 2009, there has been incessant speculation that Stuxnet is a nation-state attack against Iranian nuclear plants. We’ve heard murmurings of biblical references and public confirmation that the Iran’s Buescher nuclear reactor was the main target.

Now comes O Murchu with this tittilating disclosure suggesting a direct link to Israel. However, security experts are cautioning against reading too much into anything deliberately left in the code by the Stuxnet authors because, at this level, there could be all kinds of decoys and misdirection.

Symantec security researcher Liam O Murchu (photo above) says he found the “05091979″ date in the Stuxnet code, a possible link to the May 9, 1979 execution of Jewish Iranian businessman and philantropist Habib Elghanian.