New strain of cyber-espionage spyware resembles Stuxnet


Sophisticated virus may have been active for years.

The Iranian Computer Emergency Response Team has discovered a new strain of cyber-espionage spyware that sniffs networks, captures images of users’ screens, and listens in on conversations through an infected computer’s microphone, according to an agency statement.

The agency said that the structure of the virus -- codenamed Flamer or Flame -- resembles Stuxnet, a worm that targeted Iranian nuclear systems and was widely believed to have been the handiwork of Israel and the United States. Flame is capable of infecting the Windows XP and Vista operating systems and is transmitted via local networks and removable media, such as USB ports.

The top targets of Flame include Iran, Israel, Sudan and Syria, according to antivirus company Kaspersky Lab. The Moscow-headquartered firm was enlisted to study the virus in mid-May as part of an investigation launched by the International Telecommunication Union, a United Nations agency that is focused on communications technology. The geographic location of the targets and the complexity of the threat make it likely that its development was sponsored by a nation, security researchers say.

Flame is made up of several megabytes of executable code in total and is 20 times larger than Stuxnet, according to Kaspersky. Flame attacks are more targeted than Stuxnet attacks, said Alexander Gostev, chief security expert at the company. For instance, the total number of victims worldwide is expected to be 1,000, he estimated. In comparison, global Stuxnet victims likely amount to 1 million.

Flame is designed to infect a target and spy on it for years without the victim noticing, said Gostev. “In order to achieve that stealthiness, it works very quietly and slowly,” he told NextGov. If a USB stick becomes infected by Flame through a computer, a different stick used on the system will become affected after 20 hours, he said.

The malware may have been active for as long as five to eight years, researchers at the Budapest University of Technology and Economics stated in a separate report.
