Flame virus given self-destruct order

Kaspersky Lab executive says portions of Flame, Stuxnet contain nearly identical code.

By
June 11, 2012 18:59
2 minute read.
A laptop.

laptop 311. (photo credit: Wikipedia Commons)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self destruct, the Symantec anti-virus company said on Sunday.

Meanwhile, a leading computer security firm has linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which is believed to have been used by the United States and Israel to attack Iran’s nuclear program.

Be the first to know - Join our Facebook page.


Eugene Kaspersky, chief executive of Moscow-based Kaspersky Lab, which uncovered Flame last month, said his researchers have since found that part of the Flame program code is nearly identical to code found in a 2009 version of Stuxnet.

On Stuxnet and Flame, “there were two different teams working in collaboration,” Kaspersky said at the Reuters Global Media and Technology Summit in London on Monday.

In comments that could be construed as suggesting that Israel is behind the Flame virus, Vice Premier Moshe Ya’alon said last month that that “whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them.”

In an official blog post, Symantec revealed that its command-and-control (C&C) servers had sent an updated directive to the virus, which it termed “Flamer,” designed to remove it from compromised computers.

According to the post, the command would “leave no traces of the [Flame] infection behind. Any client receiving this file would have had all traces of [Flame] removed.”

JPOST VIDEOS THAT MIGHT INTEREST YOU:


The origin of the Flame virus has been the subject of wide speculation. A number of Israeli computer experts told The Jerusalem Post that Flame’s complexity bears the hallmarks of a program engineered by a state.

The new research could bolster the belief of many security experts that Stuxnet was part of a massive US-led cyber program that is still active in the Middle East and perhaps other parts of the world.

Security experts from the Russian Kaspersky Lab firm announced Flame’s discovery on May 28, saying it was found in its highest concentration in Iranian computers.

It can also be found in other Middle Eastern locations, including in Israel, the West Bank, Syria and Sudan.

The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.

It is the most complex piece of malicious software discovered to date, according to Kaspersky Lab’s senior security researcher Roel Schouwenberg.

Although Kaspersky did not say who he thought built Flame, news organizations including Reuters and The New York Times have previously reported that the United States and Israel were behind Stuxnet, which was uncovered in 2010 after it damaged centrifuges used to enrich uranium at a facility in Natanz, Iran.

Instead of issuing denials, authorities in Washington recently launched investigations into the leaks about the highly classified project.

If the Lab’s analysis is correct, Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu.

Reuters contributed to this report.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

The aftermath of an Iranian ballistic missile strike on the Koya headquarters of the KDP-I Iranian o
November 15, 2018
Senior IRGC commander: Israeli agent killed in September strikes on Kurds

By ANNA AHRONHEIM