Flame is something new in cyberwar, experts say. It can take screenshots and record audio on infected computers. The malware was almost certainly made by a nation-state.
Stuxnet, move over. Cybersecurity researchers on Monday announced the discovery of Flame, a piece of malicious software that one firm has called "arguably ... the most complex malware ever found."
At this early stage of analysis, only a few of Flame's functions are understood, reports Kaspersky Lab, the Moscow-based cybersecurity company that uncovered it. Because of Flame's size and complexity, it could take years to unpack completely what the program can – and has – done, experts add. [Editor's note: The original version of this story misstated where Kaspersky Lab is based.]
From what is known now, however, Flame can spread via a USB drive, a Bluetooth device, or other machines on a network. In affected machines, it can wait for certain software programs of interest to run, then take screenshots, turn on the internal microphone to record conversations, and intercept e-mail, chats, or other network traffic. It can package these data, encrypt them, and send them off to designated command-and-control computers worldwide.
"It pretty much redefines the notion of cyberwar and cyberespionage," writes Alexander Gostev, head of Kaspersky's Global Research and Analysis Team, in his blog.
Kaspersky found that Flame has been snaking through computer networks – predominantly in the Middle East – for at least the past two years, but possibly longer. The way it works and what it does suggest that Flame was made by a nation-state, experts say, and only four candidates have the technical know-how to create such software: the US, Russia, China, and Israel.