Iranian officials have acknowledged that a sophisticated virus has infected computers across the country and, echoing the conclusions of security researchers, suggested that the malicious code is related to the virus that damaged centrifuges in an Iranian nuclear facility two years ago.
In a statement, Iran’s National Computer Emergency Response Team said that “investigations during the last few months” had resulted in the detection of the virus, which has been dubbed Flame and is capable of stealing data from infected computers.
“It seems there is a close relation to the Stuxnet and Duqu targeted attacks,” the statement said, referring to two other viruses. Stuxnet damaged hundreds of centrifuges at the Natanz nuclear plant. Duqu, like Flame, was apparently built for espionage but shared characteristics with Stuxnet.
The Iranians also said they had developed tools to detect and remove Flame from infected computers.
Iran has in the past blamed Israel and the United States for creating Stuxnet, but there has been no proof of authorship.
Although Israeli officials have generally not commented on Iranian accusations that their country was behind that virus, a deputy to Prime Minister Benjamin Netanyahu on Tuesday appeared to hint at Israel’s possible involvement in manufacturing Flame.
Speaking on Israel’s Army Radio, Moshe Yaalon, the vice prime minister and minister for strategic affairs, said the virus was “apparently” state sponsored.
“Whoever sees the Iranian threat as a significant threat — and it’s not only Israel, it’s the whole Western world, led by the United States — it’s certainly reasonable that he uses all means at his disposal, including these, to harm the Iranian nuclear system,” Yaalon said.
He added, “Israel is blessed with being a country rich in high-tech, and from that perspective, these achievements we take pride in, both in the civilian sector and defense sector, open up very many opportunities.”
White House spokesman Jay Carney declined to comment, as did a spokesman for the CIA; officials at the Defense Department referred questions to the Department of Homeland Security. A spokesman for the DHS said the department has been made aware of the malware and is working with other U.S. agencies to analyze its potential impact on the United States.
Security researchers say Flame is capable to logging keyboard strokes, activating microphones to record conversations and taking screen shots.
Experts have cautioned that it is far too early to draw conclusions about who might have created the virus and why. “There’s a lot of guessing going on out there, and I don’t think a lot of it is based on facts,” said Jody Westby, chief executive of Global Cyber Risk, a consulting firm.
Iran was among several countries that about a week ago reported the infection to a U.N. agency responsible for communications technology, the International Telecommunication Union, said Mohd Amin, head of the ITU’s global cyber-center, which analyzes and shares data on cyber-threats.
The ITU asked the Russian-based Kaspersky Lab, which provides software to clients around the world, to investigate. Kaspersky checked its database and found samples of the virus in countries across the Middle East. Iran had the highest number of infections, followed by Israel and the Palestinian territories, then Sudan, Syria and Lebanon, according to the firm, whose database is limited to infections reported by its clients.
Kaspersky also has detected a few infections in Europe and the United States, but it is unclear whether those reflect people in the Middle East accessing the Internet through U.S. and European servers to circumvent Web filters, said Kaspersky Lab senior researcher Roel Schouwenberg.
Special correspondent Joel Greenberg in Jerusalem contributed to this report.