Security players fan Flames of complex malware risk
Kaspersky claims Flame malware has been "in the wild" since 2010.
Kaspersky has described the newly-discovered Flame malware as one of the most complex pieces of malicious software in the history of cybercrime.
The Russian anti-virus vendor claims the malware can steal information from targeted systems, stored files, contact data and audio conversations, and described it as a tool for "cyber espionage."
Due to its extreme complexity, plus the targeted nature of the attacks, no security software detected it.
The wide variety of data it can steal has led Kaspersky to describe it as "one of the most advanced and complete attack-toolkits ever discovered."
The firm claims to have uncovered the software following an investigation into another type of malware called Wiper that has been credited with erasing data from a number of computers in Western Asia.
"During the analysis of these incidents, Kaspersky Lab's experts came across a new type of malware, now known as Flame," explained the company in a blog post.
"Preliminary findings indicate that this malware has been in the wild' since March 2010...[and] due to its extreme complexity, plus the targeted nature of the attacks, no security software detected it."
The malware is thought to operate by stealing data from infected machines, which is then passed onto a network of command-and-control servers located across the world.
"The exact infection vector is still to be revealed, but it is already clear that Flame has the ability to replicate over a local network using several methods, including the same printer vulnerability and USB infection method exploited by Stuxnet," said the blog post.
Compared to Stuxnet, a piece of malware that emerged in 2010 with the capability to stage four zero-day attacks at once, Flame is around 20 times larger.
"What is known is that it consists of multiple modules and is made up of several megabytes of executable code in total, meaning that analysing this cyber weapon requires a large team of top-tier security experts and reverse engineers with vast experience in the cyber defence field," the post concluded.
David Harley, senior researcher at internet security vendor ESET, said the malware is also understood to have attacked systems in Western Asia and Eastern Europe.
"Perhaps the most interesting feature is that the Iran National CERT has volunteered to share samples with security vendors, despite the fact that many software vendors (notably those headquartered in the US) are unable to trade legally with Iran," said Harley.
"This restriction may have hampered initial detection of the malware by security vendors outside the region, but samples have subsequently trickled into the mainstream via secondary sources."
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now