Ever since Flame, a gigantic piece of malware that lifts data from infected computers, was uncovered by security researchers three weeks ago, people have been wondering who could have built such a thing. Its powers, and the fact that it had apparently been operating in secret for years, shocked experts, who called it “one of the most complex threats ever discovered.”
More revelations followed: World-class mathematicians had worked on it, doing new science to develop its attacks. At first it was thought that Flame had nothing in common with Stuxnet, the US and Israeli-built virus that targeted Iran’s nuclear program and has become synonymous with the new age of cyberwarfare. Closer analysis, however, revealed that an early module of Flame had identified and exploited a then-unknown weakness in Microsoft Windows. The same capability showed up later in Stuxnet. The two pieces of malware had apparently communicated at least once, with Flame, which primarily gathers information, passing data to Stuxnet, which used that data to inflict damage.
A massive piece of malware, nicknamed “Flame” by security researchers at Kaspersky Lab, has been discovered attacking computers in Iran and the rest of the Middle East. The scale and sophistication of the malware suggests that it was commissioned by a nation-state, perhaps by the same parties that built StuxNet, which destroyed Iranian uranium centrifuges several years ago, and Duqu, a related Trojan that culled information from infected computers.
Flame doesn’t share any code with StuxNet or Duqu. But it is much larger—Duqu, for instance, was just 500 kilobytes, while Flame is 20 megabytes—and it impressed the Kaspersky researchers with its array of functions, which make it a kind of giant Swiss Army knife of malware.