US
Government Linked To Three New Computer Viruses
Researchers
have found evidence suggesting that the United States may have
developed three previously unknown computer viruses for use in
espionage operations or cyber warfare.
17
Sepetmber, 2012
The
findings are likely to bolster a growing view that the U.S.
government is using cyber technology more widely than previously
believed to further its interests in the Middle East. The United
States has already been linked to the Stuxnet Trojan that attacked
Iran's nuclear program in 2010 and the sophisticated Flame cyber
surveillance tool that was uncovered in May.
Anti-virus
software makers Symantec Corp of the United States and Kaspersky Lab
of Russia disclosed on Monday that they have found evidence that
Flame's operators may have also worked with three other viruses that
have yet to be discovered.
The
two security firms, which conducted their analyses separately,
declined to comment on who was behind Flame. But current and former
Western national security officials have told Reuters that the United
States played a role in creating Flame. The Washington Post has
reported that Israel was also involved.
Current
and former U.S. government sources also told Reuters that the United
States was behind Stuxnet. Kaspersky and Symantec linked Stuxnet to
Flame in June, saying that part of the Flame program is nearly
identical to code found in a 2009 version of Stuxnet.
For
now, the two firms know very little about the newly identified
viruses, except that one of them is currently deployed in the Middle
East. They are not sure what the malicious software was designed to
do. "It could be anything," said Costin Raiu, director of
Kaspersky Lab's Global Research and Analysis Team.
"Newsforyou"
Kaspersky
and Symantec released their findings in reports describing analysis
of "command and control" servers used to communicate with
and control computers infected with Flame.
Researchers
from both firms said the Flame operation was managed using a piece of
software named "Newsforyou" that was built by a team of
four software developers starting in 2006.
It
was designed to look like a common program for managing content on
websites, which was likely done in a bid to disguise its real purpose
from hosting providers or investigators so that the operation would
not be compromised, Kaspersky said in its report.
Newsforyou
handled four types of malicious software: Flame and programs
code-named SP, SPE and IP, according to both firms. Neither firm has
obtained samples of the other three pieces of malware.
Kaspersky
Lab said it believes that SP, SPE and IP were espionage or sabotage
tools separate from Flame. Symantec said it was not sure if they were
simply variations of Flame or completely different pieces of
software.
"We
know that it is definitely out there. We just can't figure out a way
to actually get our hands on it. We are trying," Symantec
researcher Vikram Thakur said in an interview.
About
a dozen computers in Iran and Lebanon that are infected with one of
the newly identified pieces of malware are trying to communicate with
command and control servers, according to Kaspersky Lab.
The
researchers found a large cache of data on one of the command and
control servers, but cannot analyze it because it is encrypted using
a password that they said would be virtually impossible to crack.
They
believe that it was encrypted so heavily because the people
coordinating the attack did not want the workers using the Newsforyou
program to be able to read potentially sensitive information.
"This
approach to uploading packages and downloading data fits the profile
of military and/or intelligence operations," Symantec said in
its report.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.