- Associated Press - Tuesday, May 29, 2012

LONDON (AP) - A massive, data-slurping cyberweapon is circulating in the Middle East, and computers in Iran appear to have been particularly affected, according to a Russian Internet security firm.

Moscow-based Kaspersky Lab ZAO said the “Flame” virus was unprecedented both in terms of its size and complexity, possessing the ability to turn infected computers into all-purpose spying machines that can even suck information out of nearby cell phones.

“This is on a completely different level,” Kaspersky researcher Roel Schouwenberg said in a telephone interview Tuesday. “It can be used to spy on everything that a user is doing.”

The announcement sent a ripple of excitement across the computer security sector. Flame is the third major cyberweapon discovered in the past two years, and Kaspersky’s conclusion that it was crafted at the behest of a national government fueled speculation that the virus could be part of an Israeli-backed campaign of electronic sabotage aimed at archrival Iran.

Although their coding is different, Schouwenberg said there was some evidence to suggest that the people behind Flame also helped craft Stuxnet, a notorious virus that disrupted controls of some nuclear centrifuges in Iran in 2010.

“Whoever was behind Flame had access to the same exploits and same vulnerabilities as the Stuxnet guys,” he said, speculating that two teams may have been working in parallel to write both programs.

Stuxnet revolutionized the cybersecurity field because it targeted physical infrastructure rather than data, one of the first demonstrations of how savvy hackers can take control of industrial systems to wreak real-world havoc.

So far, Flame appears focused on espionage. The virus can activate a computer’s audio systems to eavesdrop on Skype calls or office chatter, for example. It can also take screenshots, log keystrokes, and _ in one of its more novel functions_ steal data from Bluetooth-enabled cell phones.

Tehran has not said whether it lost any data to the virus, but a unit of the Iranian communications and information technology ministry said it had produced an anti-virus capable of identifying and removing Flame from its computers.

Speaking Tuesday, Israel’s vice premier did little to deflect suspicion about the Jewish state’s possible involvement in the latest attack.

“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” Israeli Vice Premier Moshe Yaalon told Army Radio when asked about Flame. “Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”

Flame is unusually large.

Malicious programs collected by U.K. security firm Sophos averaged about 340 kilobytes in 2010, the same year that Kaspersky believes Flame first started spreading. Flame weighs in at 20 megabytes _ nearly 60 times that figure.

Alan Woodward, a professor of computing at the University of Surrey in southern England, said the virus was modular _ meaning that functions could be added or subtracted to it as needed. He compared it to a smartphone, saying that, depending on what kind of espionage you want to carry out, “you just add apps.”

He was particularly struck by Flame’s ability to attack Bluetooth-enabled devices left near an infected computer.

Story Continues →