Mystery virus sought 'designs from Iran': Russian firm

June 5, 2012
Code from the computer virus known as Flame. A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.

A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.

Kaspersky Lab, one of the world's biggest producers of anti-virus software, announced last month the discovery of the virus, which it described as the biggest and most sophisticated malware ever seen.

In the latest update on Kaspersky's analysis of the virus, released late Monday, the firm's chief , Alexander Gostev, said the malware's creators had focussed on file formats such as PDF and AutoCAD, a software for and drawing.

"The attackers seem to have a high interest in AutoCAD drawings," Gostev said in a statement.

The malware also "goes through PDF and text files and other documents and makes short text summaries," he added.

"It also hunts for e-mails and many different kinds of other 'interesting' (high-value) files that are specified in the configuration."

He confirmed that Iran was by far the biggest target with a count of 185 infections, followed by 95 in Israel and the Palestinian Territories, 32 in Sudan and 29 in Syria.

The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services to steal information about Iran's controversial nuclear drive.

Intriguingly, Kaspersky said that hours after the existence of the virus was first announced on May 28, "The Flame command-and-control infrastructure, which had been operating for years, went dark."

It gave no further information over the possible perpetrators of the mystery attack, though it identified about 80 domains that appear to belong to the Flame infrastructure, in locations from Hong Kong to Switzerland.

said it had used a procedure known as sinkholing -- which allows Internet security experts to gain control of a malicious server -- to analyse the operation.

During the sinkholing it found that on three computers in Lebanon, Iraq and Iran the Flame versions changed, suggesting Flame upgraded itself in the process.

The New York Times reported last week that President Barack Obama has accelerated cyberattacks on Iran's nuclear programme in an operation codenamed "Olympic Games" that uses a malicious code developed with Israel.

Explore further: Iran says Duqu malware under 'control'

Related Stories

Iran says Duqu malware under 'control'

November 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Global wave of Flame cyber attacks called staggering

May 28, 2012

( -- Kaspersky Lab has discovered complex malware that has been in operation for at least five years, collecting data from countries including both Israel and Iran. Kaspersky experts think the masterminds are state-sponsored ...

Iran: 'Flame' virus fight began with oil attack (Update)

May 30, 2012

(AP) — Computer technicians battling to contain a complex virus last month resorted to the ultimate firewall measures — cutting off Internet links to Iran's Oil Ministry, rigs and the hub for nearly all the country's ...

Flame virus a new age cyber spy tool

May 31, 2012

The Flame computer virus that smoldered undetected for years in Middle Eastern energy facilities confirmed fears that the world has entered a new age of cyber espionage and sabotage.

Obama stepped up cyberattacks on Iran: report

June 1, 2012

US President Barack Obama accelerated cyberattacks on Iran's nuclear program and expanded the assault even after the Stuxnet virus accidentally escaped in 2010, the New York Times reported Friday.

US, Iran dig in for long cyber war

June 2, 2012

The United States and Iran are locked in a long-running cyber war that appears to be escalating amid a stalemate over Tehran's disputed nuclear program.

Recommended for you

The ethics of robot love

November 25, 2015

There was to have been a conference in Malaysia last week called Love and Sex with Robots but it was cancelled. Malaysian police branded it "illegal" and "ridiculous". "There is nothing scientific about sex with robots," ...

No lens? No problem for FlatCam

November 23, 2015

How thin can a camera be? Very, say Rice University researchers who have developed patented prototypes of their technological breakthrough.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.