A massive piece of malware, nicknamed “Flame” by security researchers at Kaspersky Lab, has been discovered attacking computers in Iran and the rest of the Middle East. The scale and sophistication of the malware suggest that it was commissioned by a nation-state, perhaps by the same parties that built Stuxnet, which destroyed Iranian uranium centrifuges several years ago, and Duqu, a related Trojan that culled information from infected computers.
Flame doesn’t share any code with Stuxnet or Duqu. But it is much larger—Duqu, for instance, was just 500 kilobytes, while Flame is 20 megabytes—and it impressed the Kaspersky researchers with its array of functions, which make it a kind of giant Swiss Army knife of malware.
Here’s some of what it can do, from Kim Zetter’s explainer at Wired:
Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers. The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network.
Flame has been active for at least two years, probably longer, though it’s hard to tell because the malware is littered with false dates (it’s pretty clear, for example, that no matter what its records say, Flame wasn’t infecting computers in 1994). It will take quite a while for researchers to unravel all its functions and learn more about its origins: a security expert at Kaspersky calls it “one of the most complex threats ever discovered.”
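Forged dates of the kind mentioned above are a routine obstacle in malware timelining: the compile timestamp a Windows executable carries in its PE header can be set to anything by whoever built it, so analysts sanity-check it against evidence they trust, such as the date the sample was first seen in the wild. The following Python is an added example, not code from the original article or from Kaspersky's analysis; it reads the TimeDateStamp from the documented PE/COFF header layout and flags values that fall outside a plausible window. The two header stubs, the first-seen date and the cutoff year are constructed here for illustration and are not Flame's real values.

```python
import struct
from datetime import datetime, timezone

# Assumption for this example: nothing in the sample set was compiled before 2000.
EARLIEST = datetime(2000, 1, 1, tzinfo=timezone.utc)
# Assumed first-seen date for the constructed samples below (not a real Flame sample).
FIRST_SEEN = datetime(2012, 5, 28, tzinfo=timezone.utc)


def pe_timestamp(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    # e_lfanew at DOS header offset 0x3C points at the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header follows the signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    ts = struct.unpack_from("<I", data, e_lfanew + 8)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def assess(data: bytes, first_seen: datetime, earliest: datetime = EARLIEST) -> dict:
    """Flag a compile time that is earlier than `earliest` or later than the
    date the sample was first observed; either is evidence of a forged stamp.
    A stamp of 0 (often a stripped/reproducible build) also lands here, since
    1970 precedes any sensible `earliest`."""
    compile_time = pe_timestamp(data)
    return {
        "compile_time": compile_time.isoformat(),
        "plausible": earliest <= compile_time <= first_seen,
    }


def build_stub_pe(ts: int) -> bytes:
    """Construct a minimal, non-executable PE header carrying the given
    TimeDateStamp. This is test data built for the example, not a real binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=0x14C (i386), 1 section, TimeDateStamp, no symbols, no optional header.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff


def demo() -> dict:
    """Compare a stamp claiming 1994 against one inside the plausible window."""
    forged = build_stub_pe(int(datetime(1994, 1, 1, tzinfo=timezone.utc).timestamp()))
    genuine = build_stub_pe(int(datetime(2010, 3, 15, tzinfo=timezone.utc).timestamp()))
    return {"forged": assess(forged, FIRST_SEEN), "genuine": assess(genuine, FIRST_SEEN)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: compiled {result['compile_time']}, plausible={result['plausible']}")
```

A stamp that passes this check is still only weak evidence; it tells you the build date was not obviously faked, not that it is true. Corroborate it with timestamps from other artifacts the attacker is less likely to have touched, such as the dates of the compiler-generated debug records, the version of linked libraries, or the first submission to a sample repository.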
Get the full details on Flame at Wired’s Threat Level.