New “Flame” Malware is One of the Most Complex Cyber Weapons Yet

By Veronique Greenwood | May 29, 2012 1:16 pm

A massive piece of malware, nicknamed “Flame” by security researchers at Kaspersky Lab, has been discovered attacking computers in Iran and the rest of the Middle East. The scale and sophistication of the malware suggest that it was commissioned by a nation-state, perhaps by the same parties that built Stuxnet, which destroyed Iranian uranium centrifuges several years ago, and Duqu, a related Trojan that culled information from infected computers.

Flame doesn’t share any code with Stuxnet or Duqu. But it is much larger—Duqu, for instance, was just 500 kilobytes, while Flame is 20 megabytes—and it impressed the Kaspersky researchers with its array of functions, which make it a kind of giant Swiss Army knife of malware.

Here’s some of what it can do, from Kim Zetter’s explainer at Wired:

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers. The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network.

Flame has been active for at least two years, probably longer, though it’s hard to tell because the malware is littered with false dates (it’s pretty clear, for example, that no matter what its records say, Flame wasn’t infecting computers in 1994). It will take quite a while for researchers to unravel all its functions and learn more about its origins: A security expert at Kaspersky calls it “one of the most complex threats ever discovered.”

Get the full details on Flame at Wired’s Threat Level.

  • deirdrebeth

    Isn’t that pretty much the description at the beginning of Scanner Darkly (or the Matrix)?


  • Juanco Bravo

    Imagine this scenario: The software was created by less evolved software running covertly on the web.
    The end is nigh!

  • Tom Hewitt

    Do any of the anti-virus or firewalls in use today, I use Bell’s Internet Security Services, protect against these threats? How would you know if it has infected your laptop?

  • Ray higgins

    This is beginning to sound like a whole new class of software, for it seems to be targeted and customizable to different environments. This is much more a true cyber recon-bot than your typical virus or trojan. I wonder if it makes decisions on what and when to attack. Is it autonomous (reasoning)?

  • Pippa

    Maybe if advanced nations fight each other over the www they will not need to make conventional war – – –

  • James1st

    Pippa – To some extent this may be true. For example: If a hostile nation could insert a software bug that shut down the U.S.A. electrical grid, disrupt the communication systems, corrupt the military digital system, cause the nuclear facilities throughout the country to shut down, etc., it would for sure weaken any response the country might make to attack.

  • Aidan

    Tom Hewitt, I seriously doubt that it will ever get to North America, or Europe. Seeing as how the west (including Europe) is most likely the attacker. More specifically, I imagine it’s the countries that were involved in the recent talks regarding Iranian uranium enrichment uses. I think it was, the U.S, Britain, Russia, China (a few others from Europe I think)… Anyways, those countries have started upgrading their nuclear arms shortly after the talks started. They seem to be freaked out over Iran (with a real basis or not) so it’s understandable that they would do this.



80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.
