The Flame computer virus that has been attacking Middle Eastern energy
facilities, primarily in Iran, has been ordered to self-destruct, the Symantec
anti-virus company said on Sunday.
Meanwhile, a leading computer security
firm has linked some of the software code in the powerful Flame virus to the
Stuxnet cyber weapon, which is believed to have been used by the United States
and Israel to attack Iran’s nuclear program.
Eugene Kaspersky, chief
executive of Moscow-based Kaspersky Lab, which uncovered Flame last month, said
his researchers have since found that part of the Flame program code is nearly
identical to code found in a 2009 version of Stuxnet.
On Stuxnet and
Flame, “there were two different teams working in collaboration,” Kaspersky said
at the Reuters Global Media and Technology Summit in London on Monday.
In
comments that could be construed as suggesting that Israel is behind the Flame
virus, Vice Premier Moshe Ya’alon said last month that “whoever sees the
Iranian threat as a serious threat would be likely to take different steps,
including these, in order to hurt them.”
In an official blog post,
Symantec revealed that Flame’s command-and-control (C&C) servers had sent an
updated directive to the virus, which Symantec termed “Flamer,” designed to remove it
from compromised computers.
According to the post, the command would
“leave no traces of the [Flame] infection behind. Any client receiving this file
would have had all traces of [Flame] removed.”
The origin of the Flame
virus has been the subject of wide speculation. A number of Israeli computer
experts told The Jerusalem Post that Flame’s complexity bears the hallmarks of a
program engineered by a state.
The new research could bolster the belief
of many security experts that Stuxnet was part of a massive US-led cyber program
that is still active in the Middle East and perhaps other parts of the
world.
Security experts from the Russian Kaspersky Lab firm announced
Flame’s discovery on May 28, saying it was found in its highest concentration in
Iranian computers.
It can also be found in other Middle Eastern
locations, including in Israel, the West Bank, Syria and Sudan.
The virus
has been active for as long as five years, as part of a sophisticated cyber
warfare campaign, the experts said.
It is the most complex piece of
malicious software discovered to date, according to Kaspersky Lab’s senior
security researcher Roel Schouwenberg.
Although Kaspersky did not say who
he thought built Flame, news organizations including Reuters and The New York
Times have previously reported that the United States and Israel were behind
Stuxnet, which was uncovered in 2010 after it damaged centrifuges used to enrich
uranium at a facility in Natanz, Iran.
Instead of issuing denials,
authorities in Washington recently launched investigations into the leaks about
the highly classified project.
If the Lab’s analysis is correct, Flame
could be the third major cyber weapon directed against Iran, after the Stuxnet
virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin
Duqu.
Reuters contributed to this report.