Tehran admitted yesterday that malicious software designated ‘Flame’ has attacked it, and that the Iranian authorities are running an urgent inspection of all computer systems in the country. The virus effectively turns every computer it infects into a spy, it can turn on PC microphones to record conversations, take screenshots, gather data files and remotely change settings on computers.
Security experts from the Russian Kaspersky Lab, who announced Flame’s discovery on Monday, said it is found in its highest concentration in Iranian computers. Researchers at Kaspersky estimated that approximately 5,000 personal computers around the world have been infected by the virus, Iran being hit the hardest, with 189 infected computers, followed by Israel and the Palestinian territories (98 computers), Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10) and Egypt (5), the company said.
According to Kaspersky Lab’s senior security researcher Roel Schouwenberg, the virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign. He added that it is the most complex piece of malicious software discovered to date, but that he did not know who programed the virus.
Experts assess that only a state could have developed such a complex virus. “This is not a couple of hackers who sat in a basement,” one expert said. “This is a large, organised system. It is possible that years were invested in creating it.”
Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu.