From: larry.r.trout
Cyber-weapon 'Computer malware described as "the most sophisticated cyber weapon yet unleashed" has been uncovered in computers in the Middle East and may have infected machines in Europe, according to reports from antivirus researchers and software makers in Russia, Hungary and Ireland.
The malware, dubbed Worm.Win32.Flame, is unusual in its complexity, size and the multitude of ways it has of harvesting information from an infected computer including keyboard, screen, microphone, storage devices, network, Wi-Fi, Bluetooth, USB and system processes.
The malware is called "Flame" by Kaspersky Labs, a Moscow-based antivirus software maker, but also known as sKyWIper by the Hungarian Laboratory of Cryptography and System Security (CrySyS Lab).
Both Kaspersky Labs and CrySyS Lab said it was likely the malware was developed by a government-sponsored entity.
"The geography of the targets [certain states are in the Middle East] and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it," Kaspersky Labs said in a report.
"The results of our technical analysis supports the hypotheses that sKyWIper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities," a CrySyS Lab report said. "Arguably, it is the most complex malware ever found."
Although the virus has just been detected, there was evidence that it may have been in operation for at least two years.
Vitaly Kamluk, chief malware expert for Kaspersky Labs, said there were many pointers to it being a weapon, not the least of which was how highly-targeted it was. According to their investigations, only 382 infections have been reported, 189 of which were in Iran, and the malware targeted individuals rather than organizations.
Kamluk said the malware was most likely introduced by a USB stick or other removable drive. Once injected, the malware would contact one of the many command and control servers around the world and download additional modules as needed.
It used the same technique as Stuxnet, an earlier highly sophisticated malware, to seek out other machines to infect.'