Image 01 Image 03

Stuxnet-on-steroids Flame virus hits Iran

Stuxnet-on-steroids Flame virus hits Iran

This is a little scary, particularly if it were put in the wrong hands. Via The Times of Israel:

A new, unprecedented computer virus called “Flame” (or “sKyWIper”) has hit Iran, the West Bank, and other Middle Eastern locations. It is already considered one of the most sophisticated cyber weapons ever unleashed. Internet security company Kaspersky said Monday that Flame was the “most complex piece of malicious software discovered to date.”

The cyber-espionage worm, designed to collect and delete sensitive information, is said to have 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility (and some 16,000 computers), causing centrifuges to fail. Iran blamed Israel and the US for its creation.

Flame is also believed to contain an element that was used in Stuxnet. Kaspersky said the Flame malware may have been lurking inside thousands of computers across the Middle East for between five and eight years. The creator of the virus is not yet known….

The country with the largest number of machines infected by Flame is believed to be Iran, following by the West Bank, and Sudan and Syria after that. Lebanon, Saudi Arabia, and Egypt have also been affected.

The Telegraph reports:

Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Roel Schouwenberg, a Kaspersky security senior researcher, said.

Professor Alan Woodward from the department of computing at the University of Surrey said the virus was extremely invasive. It could “vacuum up” information by copying keyboard strokes and the voices of people nearby.

This is just the latest in problems for Iran after Stuxnet:

Kaspersky’s researchers said the majority of computers infected with Flame were located in Iran. Like Duqu and Stuxnet, Flame infects machines through a known security hole in the Windows operating software.

Researchers discovered Flame while investigating reports that another computer virus, called Wiper, had been wiping out computer systems in Iran. The International Telecommunications Union, a United Nations agency, had asked Kaspersky’s researchers to look into Wiper when they discovered that thousands more computers had been infected with Flame.

The Kaspersky fact sheet on Flame is here (but as of this writing the site was down).


Donations tax deductible
to the full extent allowed by law.



doubtless the iranians were using licensed windows operating systems. i cannot figure out why they wouldnt use linux or some bsd operating system. but thank goodness they dont.

REALLY NOT good news for attorneys trying to maintain client confidentiality.

I wonder how long before it (or some variant) shows up in the private sector…

    Valerie in reply to Ragspierre. | May 28, 2012 at 9:00 pm

    It’s no more a problem for the lawyer than the confidentiality of the US mail. Legally, you handle it with a presumption.

    The difference is that the US mail can be swiped one item at a time.

Frank Scarn | May 28, 2012 at 5:35 pm

The country with the largest number of machines infected by Flame is believed to be Iran, following by the West Bank, and Sudan and Syria after that. Lebanon, Saudi Arabia, and Egypt have also been affected.


What a shame.

Looking to add the following: All remaining members of the OIC.

    barbara in reply to Frank Scarn. | May 28, 2012 at 5:42 pm

    My reaction was similar, Frank: Awwwww, ain’t that just too bad.

    Great minds, etc…. 😀

    1. Bill recently linked to Pam Geller’s report that the OIC and other usual suspects are trying to use the UN to control the Internet.

    2. Via SOPA and other mechanisms (and the willing connivance of countries that should know better), the USA is trying to impose its “intellectual property” monopoly on the rest of the world. Ten or so years ago I would have firmly declared that my country is an honest steward of the Internet on behalf of humanity. Today…

    3. The worst-case scenario is for Hollywood and the West’s wannabe hate speech police to make common cause with the likes of Putin, China, and the OIC.

    Eternal vigilance.

      Not wanting to be paranoid, but I think we need to be prepare for the worst case scenario. If Putin, the chinese et al are successful we need to have a plan “B”…sort of like a public domain Internet, even more decentralized than the one we have and that not even the NSA can control even if they want to. Does anyone know of any such effort in the works..?

      Juba Doobai! in reply to gs. | May 28, 2012 at 10:02 pm

      The amazing thing is that OUR Congress, which is famous for creating nothing, besides debt, of course, is contemplating allowing these Stone Age barbarians to have control of the internet the West created. Amazing!

    JackRussellTerrierist in reply to Frank Scarn. | May 29, 2012 at 1:06 pm

    Altogether a very uplifting article. The I-ranians got hammered and the UN unwittingly acknowledges that a private sector entity, Kaspersky, knows more than they do and that they NEED them.

Juba Doobai! | May 28, 2012 at 5:45 pm

To the creator(s) of Flame, Wipe Out, Stuxnet … this Bud’s for you.

9thDistrictNeighbor | May 28, 2012 at 5:47 pm

Revenge of the nerds.

I am shocked, shocked that Obama hasn’t claimed credit for Flame.

Uncle Samuel | May 28, 2012 at 6:10 pm

“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Roel Schouwenberg, a Kaspersky security senior researcher, said.

The new warriors, moles and saboteurs are cyber combatants creating programs… and the new uniforms are jeans, sweats and pajamas.

If I were a member of the Iranian military I wouldn’t be feeling too confident in the software that ran my missiles targeting systems.

    barbara in reply to vanderleun. | May 28, 2012 at 6:59 pm

    Nonsense, vanderleun. I’m sure their targeting software is unaffected and wouldn’t do anything like send the missile in the direction of Tehran or anything….

    Honest. They’re safe. Really.

Samuel Keck | May 28, 2012 at 6:29 pm

Kaspersky’s researchers said the majority of computers infected with Flame were located in Iran.

As Gabriel Heatter famously intoned: There’s good news tonight.

This is great news. It was either a day-1 exploit, i.e., put in the hardware, or a tainted Windows update. Slick!

But now we need to watch out. See who caught it? The Russians. Why did they tell the rest of us? I guess they figure that the hole is plugged and it’s time to go public. How many Americans have the Kaspersky trojan “protecting” their machine? They are Iran’s ally. What might they have in store for us?

I have the Germans (Avira) watching my machine. But two years ago I had a DNS spoof that downloaded a fake module into Avira. I’m inclined to go with a domestic AV next time, but nothing is 100% secure.

    JerryB in reply to JerryB. | May 28, 2012 at 8:27 pm

    Oops – I guess that’s called day-zero or zero-day exploit. I’m a Fortran guy, so I start counting with 1.

Baruch Hashem Adonai
Get acquainted with the G-d of Israel. Ironic how nobody sees a preternatural influence in this. No human is smart enough to create this virus. Interesting the name FLAME when the Tanakh says the G-d of Israel is an all consuming fire.

We don’t need to see a preternatural influence in this. G-d blessed humankind with everything we need to make this world work, and then He delegated it to us. Then he gave the Jews instructions on how to make it work, the two greatest being “Love G-d” and “Love your neighbor.”

This country have been blessed, because our ancestors took the instruction to “Love your neighbor” and translated it into a government that recognizes that a government is an agreement among people, who have G-d-given rights, for the purpose of securing the blessings of liberty and securing their future.

G-d blessed us again and again, as our leaders extended the rights of citizenship from propertied men, to men, to all men and women.

G-d has blessed us through our people, and we have secured the benefit of His blessings, by letting all his people pursue their own happiness in their own fashion.

There isn’t anything preternatural about it.

    Juba Doobai! in reply to Valerie. | May 28, 2012 at 10:09 pm

    You don’t think the Hand of God working through men is preternatural?

    God does what He does for us. He uses whom He will, as and when He pleases. We see the actions of men. We see humanity moving, but we know it is preternatural because it is our God who saves and kills, who uses what we will that His will may be done among us.

    Sure, a man created these viruses, but from whence came the idea? From God.

    Hineh, baruch Hu YHWH.

May the “Flame” burn brightly in the land of Persia…

Good. I’ll light a candle tonight for the author of “The Flame.”

Juba Doobai! | May 28, 2012 at 10:10 pm

I love you guys on this board.


Reminds me of the movie Deterrence with Kevin Pollack.

If you haven;’t seen it I highly recommend it.

Three words. “Advanced Persistent Threat.”

Read about it. Understand it. Think about it. Make sure you have encrypted everything you really want to keep safe.

This is only going to get worse…

I was more impressed with their spy birds (last years story???), but this is a close second. *SNARK* 🙂

Seriously, after reading up on the Brett Kimberlain stuff, I’m glad the good guys at present are smarter.

We live in a small sector of history and the world where people aren’t cutting each other to ribbons. It feels like this virus may extend this oasis in time for a little while longer.

Why does every virus name sound completely menacing. Do they have devoted geniuses simply working on naming these things?

Ha! I knew some day my DOS 3.1 floppy disks would make me rich.

mem /c /p
cd c:\

Now if I can find my old copy of Quick Basic…..

“The International Telecommunications Union, a United Nations agency…”

Hello Unionized IT people, I got computer problems?
Yeah well, we’ll get someone out there between 5 & 8..

The first five years they thought their sensitive data going bye-bye was Allahs will (Flames be upon him), they spent the next three years praying for him to restore it.

    Squires in reply to OcTEApi. | May 29, 2012 at 8:41 am

    And next comes three more years of promising to have it all sorted out right away, Allah willing. Pip pip, insh’Allah and all that rot. A stiff upper lip for thee, and a fat one for thine wife.