Printer Friendly

Iranian experts produce an anti-virus capable of removing virus Iranian experts produce solution.

Trend Micro says it is not the most sophisticated or dangerous malware

By Naushad K. Cherrayil

Staff Reporter

Dubai Security experts found clues on "Flame" and started examining thousands of codes that made up the virus designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.

Researchers at Kaspersky Lab believe it was written by a different group of programmers from those who had created other malware directed at computers in the Middle East, particularly those in Iran.

"We believe Flame was written by a different team of programmers but commissioned by the same larger entity," Roel Schouwenberg, a security researcher at Kaspersky Lab, said.

Stuxnet and Duqu malwares were written on the same platform and share many of the same fingerprints in their source code, researchers have cited intriguing bits of digital evidence that point to a joint American-Israeli effort to undermine Iran's efforts to build a nuclear bomb.

According to Rik Ferguson, Director Security Research & Communication at Trend Micro EMEA, this malware in reality is another example of an advanced packaging tool (APT), newsworthy, but not "the most sophisticated/dangerous/nuclear powered malware ever."

He said the functionalities and characteristics that are reported about Flame are things such as its precise geographical targeting, the modular nature of the code (different functional modules can be "plugged in" to an infected device as required, its ability to use local hardware such as microphones, log keystrokes and record on screen activity.

Two years ago, a virus called Stuxnet tailored to disrupt Iran's nuclear centrifuges caused some setbacks within its uranium enrichment labs and infected an estimated 16,000 PCs, Iranian officials say. At least two other smaller viruses have been detected in nuclear and industrial centers.

Ali Hakim Javadi, Iran's deputy Minister of Communications and Information Technology, was quoted by the official IRNA news agency as saying that Iranian experts have already produced an anti-virus capable of identifying and removing Flame from computers.

Iran's key oil industry was briefly affected but all data that had been lost were retrieved.

The fact that it is targeted in the Middle East and that it uses a specific autorun vulnerability are "apparently enough to justify making links between Flame and Stuxnet," Ferguson said.

Researchers tracked the working hours of Duqu's operators and found they coincided with Jerusalem local time. They also noted that Duqu's programmers were not active between sundown on Fridays and sundown on Saturdays, a time that coincides with the Sabbath when observant Jews typically refrain from secular work.

According to researchers at Kaspersky Lab, Flame may have preceded or been designed at the same time as Duqu and Stuxnet. Security researchers at Webroot, an antivirus maker, first encountered a sample of Flame malware in December 2007.

Al Nisr Publishing LLC 2012. All rights reserved.

Provided by an company
COPYRIGHT 2012 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Gulf News (United Arab Emirates)
Date:May 31, 2012
Previous Article:India shutdown over petrol price rise evokes lukewarm response.
Next Article:Public services thrown out of gear by West Bengal strike.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters