In 2010, the Stuxnet
worm made global headlines as it attacked the Iranian nuclear program. Described by the Wikipedia as “the first discovered malware
that spies on and subverts industrial systems,” Stuxnet was identified by the Belarussian antivirus software vendor, VirusBlokAda. Currently, a vastly larger and more powerful malware program called Flame (or sKyWIper) is infecting computers in Iran and neighboring countries. Flame, recently identified by the Russian anti-virus firm Kaspersky Lab, is so sophisticated that it might have been present, undetected, for years. According to a recent article
, Flame’s “complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals — marking it as yet another tool in the growing arsenal of cyberweaponry.” The Wired
article goes on to state that Flame is “designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.” According to another recent article
, Flame has hit at least 600 computer systems thus far.
Speculations about the origin of Flame focus mostly on Israel and the United States. The fact that it is so large— 20 megabytes—has led to some interesting observations. One commentator on the Wired site (Lan8) joked about “Bloatware for malware, I LOVE it! Probably written in Redmond [home of Microsoft]. I wonder if you get a trial version of Warcraft with it?” Yet the same observer goes on more seriously to speculate that:
[I]t’s the American version of the Israeli Stuxnet/DuQu … It seems to me that all the various components that do all the nifty little spy tricks seems like an American approach to spying (“give me everything you’ve got on….”) rather than the lean mean spying machine that was Stuxnet/DuQu, a more targeted and specific Russian/Israeli approach to similar ends.