Flame virus given self-destruct order

Kaspersky Lab executive says portions of Flame, Stuxnet contain nearly identical code.

laptop 311 (photo credit: Wikipedia Commons)
The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self-destruct, the Symantec anti-virus company said on Sunday.
Meanwhile, a leading computer security firm has linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which is believed to have been used by the United States and Israel to attack Iran’s nuclear program.
Eugene Kaspersky, chief executive of Moscow-based Kaspersky Lab, which uncovered Flame last month, said his researchers have since found that part of the Flame program code is nearly identical to code found in a 2009 version of Stuxnet.
On Stuxnet and Flame, “there were two different teams working in collaboration,” Kaspersky said at the Reuters Global Media and Technology Summit in London on Monday.
In comments that could be construed as suggesting that Israel is behind the Flame virus, Vice Premier Moshe Ya’alon said last month that “whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them.”
In an official blog post, Symantec, which calls the virus “Flamer,” revealed that the virus’s command-and-control (C&C) servers had sent an updated directive designed to remove it from compromised computers.
According to the post, the command would “leave no traces of the [Flame] infection behind. Any client receiving this file would have had all traces of [Flame] removed.”
The origin of the Flame virus has been the subject of wide speculation. A number of Israeli computer experts told The Jerusalem Post that Flame’s complexity bears the hallmarks of a program engineered by a state.
The new research could bolster the belief of many security experts that Stuxnet was part of a massive US-led cyber program that is still active in the Middle East and perhaps other parts of the world.
Security experts from the Russian Kaspersky Lab firm announced Flame’s discovery on May 28, saying it was found in its highest concentration in Iranian computers.
It can also be found in other Middle Eastern locations, including in Israel, the West Bank, Syria and Sudan.
The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.
It is the most complex piece of malicious software discovered to date, according to Kaspersky Lab’s senior security researcher Roel Schouwenberg.
Although Kaspersky did not say who he thought built Flame, news organizations including Reuters and The New York Times have previously reported that the United States and Israel were behind Stuxnet, which was uncovered in 2010 after it damaged centrifuges used to enrich uranium at a facility in Natanz, Iran.
Instead of issuing denials, authorities in Washington recently launched investigations into the leaks about the highly classified project.
If the Lab’s analysis is correct, Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu.
Reuters contributed to this report.