Flame Virus Infects Computers In Iran, Israel

Author: Rob Adams
May 29, 2012

It’s called Flame, and it’s a complex computer virus that’s been mining confidential information from systems in the Middle East for the past two years. The virus has penetrated networks in Iran, Israel, Lebanon, Sudan, Syria, Saudi Arabia and Egypt.

The threat is serious because it travels into computers to steal images of user screens, record their instant messaging chats, remotely turn on their microphones and record audio conversations.

It also monitors keystrokes and network traffic, according to a report by Kaspersky Labs, a Moscow-based security research firm.

If the report’s findings prove to be true, Flame would be the third major Internet weapon to have been discovered since 2010. The first, named Stuxnet, was intended to attack software in specialized industrial equipment, and was used to destroy centrifuges in an Iranian nuclear facility in 2010. The second virus, called Duqu, like Flame, performed reconnaissance. Security researchers believe Duqu was created by the same group of programmers behind Stuxnet.

The researchers said Flame appeared to have been developed by a different group of programmers. It contains 20 times more code than Stuxnet and is much more widespread than Duqu. Researchers believe Duqu hit fewer than 50 targets worldwide. Kaspersky’s researchers said they had detected Flame on thousands of computers belonging to individuals, private companies and universities across the Middle East.

“Flame can easily be described as one of the most complex threats ever discovered,” Alexander Gostev, the head of Kaspersky’s Global Research and Analysis team, wrote in a blog post on Monday. “It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

Researchers say they do not know who is behind the virus, but given its complexity and the geography of its targets, they said it was most likely being staged by a government. The authors of Stuxnet and Duqu are also unknown but their targets and digital evidence suggest to some researchers that they may have been part of a joint American-Israeli project to sabotage Iran’s nuclear program.

Kaspersky’s researchers said the majority of computers infected with Flame were located in Iran. Like Duqu and Stuxnet, Flame infects machines through a known security hole in the Windows operating software.