chinadaily.com.cn
left corner left corner
China Daily Website

Computer security firms rush to put out Flame

Updated: 2012-06-05 11:15
By Wang Xiaodong ( China Daily)

Flame, one of the most complex computer viruses ever discovered, has been detected in China and could potentially cause widespread damage - including information leakage - to company and government networks as well as individual computers, experts warned.

"According to our analysis, the virus was designed mainly to target governments, firms, schools and scientific institutions," said Liu Siyu, director of the research and development section of Rising International Software, a Chinese Internet security company.

"However, the technology it used could be adopted by other lower-level Trojan viruses and cause damage to the networks we use in our daily lives," he said.

The company issued a notice on its website last week, calling on companies to take all necessary measures to protect themselves from the virus.

"We first intercepted this virus on Wednesday and have not received any report of damage caused by it yet," said Liu.

Initial analysis has revealed the complexity of the virus. It contains many components, each with a different function that can integrate with others to cause complex harm to the infected network, Liu said.

"The total size of the virus package is nearly 20 megabytes, while a normal virus is less than one megabyte."

According to Liu, the virus could even record sound and video stored in the infected computer and steal the information.

"It is arguably the most complex virus discovered," said Hungary-based Laboratory of Cryptography and System Security in a 64-page technical report released on Thursday.

Flame has very advanced functionality to steal information and to propagate, and covers all major intelligence gathering possibilities, including monitoring keystrokes, screens, microphones, storage devices, networks, WiFi, Bluetooth, USB and system processes, according to the report.

Liu said Rising has upgraded its anti-virus software, which is capable of eliminating the virus. It also offered a free anti-virus software that anyone can download, he said.

The lab's report said Flame first appeared in Europe in December 2007, but it "may have been active for five to eight years".

"The result of our technical analysis supports the hypotheses that sKyWlper (Flame) was developed by a government agency of a nation with significant budget and effort, and it may be related to cyber warfare activities," the report said.

According to a report by Iran's Kayhan daily on Thursday, which was quoted by Xinhua New Agency, Iranian cyber experts have detected and contained Flame, which it called an Israeli spy virus.

Flame has targeted Iran's oil industry, the report said, adding that, however, Iranian experts have been able to detect and contain it.

The report said that the malware was different from other viruses and was more destructive than Stuxnet.

Iran announced in October 2010 that it had detected and thwarted the Stuxnet virus aimed at infecting the country's nuclear plant system.

According to the Iranian intelligence service, Stuxnet had infected 30,000 IP addresses in the country.

wangxiaodong@chinadaily.com.cn

...

...
...