Virus Infects Computers Across Middle East

A complex computer virus has been pilfering confidential information from computers in the Middle East for at least two years, according to a security report released on Monday.
The virus, called Flame, has been infecting computers in Iran, Israel, Lebanon, Sudan, Syria, Saudi Arabia and Egypt. It has been grabbing images of users’ computer screens, recording their instant messaging chats, remotely turning on their microphones to record their audio conversations and monitoring their keystrokes and network traffic, according to a report by Kaspersky Labs, a Moscow-based security research firm.
If the report’s findings prove to be true, Flame would be the third major Internet weapon to have been discovered since 2010. The first, named Stuxnet, was intended to attack software in specialized industrial equipment, and was used to destroy centrifuges in an Iranian nuclear facility in 2010. The second virus, called Duqu, like Flame, performed reconnaissance. Security researchers believe Duqu was created by the same group of programmers behind Stuxnet.
The researchers said Flame appeared to have been developed by a different group of programmers. It contains 20 times more code than Stuxnet and is much more widespread than Duqu. Researchers believe Duqu hit fewer than 50 targets worldwide. Kaspersky’s researchers said they had detected Flame on thousands of computers belonging to individuals, private companies and universities across the Middle East.
“Flame can easily be described as one of the most complex threats ever discovered,” Alexander Gostev, the head of Kaspersky’s Global Research and Analysis team, wrote in a blog post on Monday. “It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”
Researchers say they do not know who is behind the virus, but given its complexity and the geography of its targets, they said it was most likely being staged by a government. The authors of Stuxnet and Duqu are also unknown but their targets and digital evidence suggest to some researchers that they may have been part of a joint American-Israeli project to sabotage Iran’s nuclear program.
Kaspersky’s researchers said the majority of computers infected with Flame were located in Iran. Like Duqu and Stuxnet, Flame infects machines through a known security hole in the Windows operating software.
Researchers discovered Flame while investigating reports that another computer virus, called Wiper, had been erasing computer programs in Iran. The International Telecommunications Union, a United Nations agency, had asked Kaspersky’s researchers to look into Wiper when they discovered that thousands more computers had been infected with Flame.