Mystery virus sought 'designs from Iran': Russian firm

Jun 05, 2012
Code from the computer virus known as Flame. A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.

A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.

Kaspersky Lab, one of the world's biggest producers of anti-virus software, announced last month the discovery of the virus, which it described as the biggest and most sophisticated malware ever seen.

In the latest update on Kaspersky's analysis of the virus, released late Monday, the firm's chief , Alexander Gostev, said the malware's creators had focussed on file formats such as PDF and AutoCAD, a software for and drawing.

"The attackers seem to have a high interest in AutoCAD drawings," Gostev said in a statement.

The malware also "goes through PDF and text files and other documents and makes short text summaries," he added.

"It also hunts for e-mails and many different kinds of other 'interesting' (high-value) files that are specified in the configuration."

He confirmed that Iran was by far the biggest target with a count of 185 infections, followed by 95 in Israel and the Palestinian Territories, 32 in Sudan and 29 in Syria.

The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services to steal information about Iran's controversial nuclear drive.

Intriguingly, Kaspersky said that hours after the existence of the virus was first announced on May 28, "The Flame command-and-control infrastructure, which had been operating for years, went dark."

It gave no further information over the possible perpetrators of the mystery attack, though it identified about 80 domains that appear to belong to the Flame infrastructure, in locations from Hong Kong to Switzerland.

said it had used a procedure known as sinkholing -- which allows Internet security experts to gain control of a malicious server -- to analyse the operation.

During the sinkholing it found that on three computers in Lebanon, Iraq and Iran the Flame versions changed, suggesting Flame upgraded itself in the process.

The New York Times reported last week that President Barack Obama has accelerated cyberattacks on Iran's nuclear programme in an operation codenamed "Olympic Games" that uses a malicious code developed with Israel.

Explore further: Facebook goes retro with 'Rooms' chat app

add to favorites email to friend print save as pdf

Related Stories

Global wave of Flame cyber attacks called staggering

May 28, 2012

(Phys.org) -- Kaspersky Lab has discovered complex malware that has been in operation for at least five years, collecting data from countries including both Israel and Iran. Kaspersky experts think the masterminds ...

Obama stepped up cyberattacks on Iran: report

Jun 01, 2012

US President Barack Obama accelerated cyberattacks on Iran's nuclear program and expanded the assault even after the Stuxnet virus accidentally escaped in 2010, the New York Times reported Friday.

Flame virus a new age cyber spy tool

May 31, 2012

The Flame computer virus that smoldered undetected for years in Middle Eastern energy facilities confirmed fears that the world has entered a new age of cyber espionage and sabotage.

US, Iran dig in for long cyber war

Jun 02, 2012

The United States and Iran are locked in a long-running cyber war that appears to be escalating amid a stalemate over Tehran's disputed nuclear program.

Iran says Duqu malware under 'control'

Nov 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Recommended for you

Facebook goes retro with 'Rooms' chat app

13 hours ago

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

Some online shoppers pay more than others, study shows

14 hours ago

Internet users regularly receive all kinds of personalized content, from Google search results to product recommendations on Amazon. This is thanks to the complex algorithms that produce results based on users' profiles and ...

Twitter looks to weave into more mobile apps

Oct 22, 2014

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Google unveils app for managing Gmail inboxes

Oct 22, 2014

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

User comments : 0