Fame computer virus threatens national infrastructure

It looks very much as thought Israel is behind this.

UN to issue warning on Flame computer virus

Nations to be told virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure.

Al Jazeera,,

29 May, 2012

A United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the "Flame" computer virus that was recently discovered in Iran and other parts of the Middle East.

"This is the most serious [cyber] warning we have ever put out," said Marco Obiso, cyber security coordinator for the UN's Geneva-based International Telecommunications Union.

The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he told Reuters news agency in an interview on Tuesday.

"They should be on alert," he said, adding that he believed Flame was likely built on behalf of a nation state.

The warning is the latest signal that a new era of cyber warfare has begun following the 2010 Stuxnet virus attack that targeted Iran's nuclear program. The United States explicitly stated for the first time last year that it reserved the right to retaliate with force against a cyber attack.

'Nation state involved'

Evidence suggests that the Flame virus may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that took credit for discovering the infections.

Kaspersky Lab said the Flame virus is unprecedented in size and complexity, with researcher Roel Schouwenberg marveling at its versatility.

Schouwenberg said there is evidence to suggest that the people behind Flame also helped craft Stuxnet. Many suspect Stuxnet was the work of Israeli intelligence.

Israel's vice premier did little to deflect suspicion about the country's possible involvement in the attack.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Moshe Yaalon told Army Radio when asked about Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

"I think it is a much more serious threat than Stuxnet," the UN's Obiso said.

He said the ITU would set up a program to collect data, including virus samples, to track Flame's spread around the globe and observe any changes in its composition.

Kaspersky Lab said it found the Flame infection after the ITU asked the Russian company to investigate recent reports from Tehran that a mysterious virus was responsible for massive data losses on some Iranian computer systems.

So far, the Kaspersky team has not turned up the original data-wiping virus that they were seeking and the Iranian government has not provided Kaspersky a sample of that software, Obiso said

Iran confirms ‘Flame’ cyber attack

High-ranking Iranian officials’ computers have been attacked by a newly detected data mining virus called “Flame,” an Iranian cyber defense group confirmed on Tuesday. The cyber attack is the most destructive since the Stuxnet virus

RT,

29 May, 2012

Iran has deplored the “massive” data loss suffered since over the six months or more that Flame has been active. But the exact extent of damage has not been disclosed.

The newly spotted data mining virus may be the most harmful Iran has ever faced, even more dangerous than Stuxnet, warns Iran’s Computer Emergency Response Team Coordination Centre. Two years ago, Stuxnet destroyed several centrifuges used for Iran’s nuclear enrichment program.

“Flame” also appears to have been planted by a USB stick, which means a flash driver or a similar device had to have been inserted manually into at least one computer hooked up to the network.

“Those controlling the virus can direct it from a distance.' Flame' is no ordinary product. This was designed to monitor selected computers,” Kamran Napelian, an Iranian official, told The New York Times.

Still, Tehran says that the detection and clean-up tools were already finished in early May and can now be distributed among organizations at risk of infection.

Iran has suffered most due to the “Flame” attack, according to a report drawn up by Kaspersky Labs. The computers security company said 189 infections were reported in the Persian country, 98 in Israel and Palestine and 32 in Sudan. Other Middle East countries such as Syria, Lebanon, Saudi Arabia and Egypt were also under attack.

Despite Israel also falling under attack, Iran still thinks the malware was “made by Tel-Aviv.”

“Its encryption has a special pattern which you only see coming from Israel. Unfortunately, they are very powerful in the field of IT,” says another Iranian cyber defense official.

The number of massive cyber attacks on Iran now totals four, while no one has yet claimed responsibility for the Stuxnet assault in 2010. The attacks run parallel to a series of unexplained explosions and assassinations of Iranian nuclear scientists, constantly raising feeling in the nation that the country is increasingly being targeted by covert operations organized by the US and Israel