Newly identified computer virus, used for spying, is 20 times size of Stuxnet

Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

Variously dubbed Flame, Skywiper and Flamer, the new virus is the largest and possibly most complex piece of malware ever discovered, which suggests it is state-sponsored, researchers said.

More tech stories

5 things to know about today’s Google Glass sale

5 things to know about today’s Google Glass sale

Google is briefly opening the doors to its Google Glass explorers program to any U.S. adult with a shipping address.

The cost of being a great innovator

The cost of being a great innovator

You’ll build an amazing r sum , but will you have to sacrifice other parts of your life?

Why we need zero-energy companies

Why we need zero-energy companies

U.S. corporations should reach this goal by 2050, before the worst effects of climate change arrive.

It is loaded with functions, but so far none appear to be destructive, they said.

As with Stuxnet, the creator of Flame remains a mystery, though some analysts say they suspect Israel and the United States, given the virus’s sophistication, among other things.

Some researchers say that certain characteristics common to Stuxnet and Flame suggest that whoever ordered up Stuxnet is also behind Flame.

“It’s very likely it’s two teams working effectively on the same program but using two very different approaches,” said Roel Schouwenberg, a senior researcher with Kaspersky Labs, a Russian cybersecurity firm, which announced its analysis of Flame on Monday.

Still, much research remains to be done on the new virus, which has also been analyzed by CrySys, a cryptography and system security lab at the Budapest University of Technology and Economics.

Skywiper, as CrySys calls the virus, may have been active for as long as five to eight years. It uses five encryption methods, three compression techniques and at least five file formats. Its means of gathering intelligence include logging keyboard strokes, activating microphones to record conversations and taking screen shots, CrySys reported.

It is also the first identified virus that is able to use Bluetooth wireless technology to send and receive commands and data, Schouwenberg said.

One of the characteristics Stuxnet and Flame share is the ability to spread through computers that can share a printer on one network by exploiting a particular Windows vulnerability, Schouwenberg said. Flame is reminiscent of DuQu, a virus thought to be related to Stuxnet, in that its function is espionage.

“We would position Flame as a project running parallel to Stuxnet and DuQu,” Kaspersky Labs said in a blog post Monday.

Flame contains 20 megabytes of code. Though malware’s size is not per se a measure of sophistication, Schouwenberg said, in this case “its size shows that it’s taken a lot of time and work to create.”

So far Kaspersky, which has clients around the world, has identified Flame infections primarily in Iran, Israel and other Middle Eastern countries but none in Europe or North America. The infections have hit computers belonging to individuals, educational institutions and state- related organizations, Kaspersky said.

The virus’s creators seemed interested in general intelligence — e-mails, documents, even instant messages, Kaspersky said. But the lab has no evidence so far to document any data stolen.

 
Read what others are saying