Virus attacking Iran given 'self destruct' order

Symantec anti-virus company says directive sent by C&C servers to infected computers will "leave no traces" of malware behind.

June 11, 2012 11:10

The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self destruct, Symantec anti-virus company stated Sunday.

The origin of the Flame virus has been the subject of wide speculation. A number of Israeli computer experts told The Jerusalem Post that the complexity of the Flame bears the hallmarks of a program engineered by a state.

In an official blog post, Symantec revealed that the virus, which it termed "Flamer," had been sent an updated directive from its command-and-control (C&C) servers designed to completely remove itself from compromised computers.

According to the post, the command would "leave no traces of the (Flame) infection behind."

"Any client receiving this file would have had all traces of [Flame] removed," the blog post stated.

Security experts from the Russian Kaspersky Lab announced Flame’s discovery on May 28, saying it is found in its highest concentration in Iranian computers. It can also be found in other Middle Eastern locations, including Israel, the West Bank, Syria and Sudan.

The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.



It is the most complex piece of malicious software discovered to date, according to Kaspersky Lab’s senior security researcher Roel Schouwenberg.

If the Lab’s analysis is correct, Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu.

In comments that could be construed as suggesting that Israel is behind the Flame virus, Vice Premier Moshe Ya'alon said last month that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."

Yaakov Lappin contributed to this report
