June 5, 2012

Mystery virus sought 'designs from Iran': Russian firm

The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services
Code from the computer virus known as Flame. A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.

A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.

Kaspersky Lab, one of the world's biggest producers of anti-virus software, announced last month the discovery of the virus, which it described as the biggest and most sophisticated malware ever seen.

In the latest update on Kaspersky's analysis of the virus, released late Monday, the firm's chief , Alexander Gostev, said the malware's creators had focussed on file formats such as PDF and AutoCAD, a software for and drawing.

"The attackers seem to have a high interest in AutoCAD drawings," Gostev said in a statement.

The malware also "goes through PDF and text files and other documents and makes short text summaries," he added.

"It also hunts for e-mails and many different kinds of other 'interesting' (high-value) files that are specified in the configuration."

He confirmed that Iran was by far the biggest target with a count of 185 infections, followed by 95 in Israel and the Palestinian Territories, 32 in Sudan and 29 in Syria.

The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services to steal information about Iran's controversial nuclear drive.

Intriguingly, Kaspersky said that hours after the existence of the virus was first announced on May 28, "The Flame command-and-control infrastructure, which had been operating for years, went dark."

It gave no further information over the possible perpetrators of the mystery attack, though it identified about 80 domains that appear to belong to the Flame infrastructure, in locations from Hong Kong to Switzerland.

said it had used a procedure known as sinkholing -- which allows Internet security experts to gain control of a malicious server -- to analyse the operation.

During the sinkholing it found that on three computers in Lebanon, Iraq and Iran the Flame versions changed, suggesting Flame upgraded itself in the process.

The New York Times reported last week that President Barack Obama has accelerated cyberattacks on Iran's nuclear programme in an operation codenamed "Olympic Games" that uses a malicious code developed with Israel.

(c) 2012 AFP

Citation: Mystery virus sought 'designs from Iran': Russian firm (2012, June 5) retrieved 26 April 2024 from https://phys.org/news/2012-06-mystery-virus-sought-iran-russian.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Global wave of Flame cyber attacks called staggering
0 shares

Feedback to editors

Relevant PhysicsForums posts

Change fill-in color in PDF file with Adobe without Pro

9 hours ago

Flipped RGB colours in a TV

Apr 25, 2024

Fixing Linux kernel not found

Apr 16, 2024

Is an invisible LED mouse more accurate than one with a red LED?

Apr 15, 2024

AI In Actual Use

Apr 13, 2024

Does anyone make zero-flicker computer monitors?

Apr 13, 2024

More from Computing and Technology

Load comments (0)