Flame can sabotage computers, likely used to attack Iran – Symantec Corp

Posted on June 22, 2012


The powerful Flame computer virus is not only capable of espionage but it can also sabotage computer systems and likely was used to attack Iran in April, according to a leading security company, Symantec Corporation, Reuters reported.

Iran had previously blamed Flame for causing data loss on computers in the countrys main oil export terminal and Oil Ministry.

Prior to Symantecs discovery, cyber experts had only unearthed evidence that proved Flame could spy on conversations on the computers it infects and steal data.

Symantec researcher Vikram Thakur said on Thursday that the company has now identified a component of Flame that allows operators to delete files from computers, which means it can cause critical programs to fail or completely disable operating systems.

“These guys have the capability to delete everything on the computer,” Thakur said. “This is not something that is theoretical. It is absolutely there.”

Flame was deployed at least five years ago and is the most sophisticated cyber spying program ever discovered. Researchers have been racing to better understand its capabilities ever since Moscow-based Kaspersky Lab uncovered Flame last month after the security firm was asked by a United Nations agency to look for a virus that Iran said had sabotaged its computers, deleting valuable data.

Symantec later also said Stuxnet and Flame shared some code. Current and former U.S. and Western national security officials told Reuters this week that the United States played a role in creating Flame.

The Washington Post reported that U.S. and Israel jointly developed Flame and used it to collect intelligence to help slow Irans nuclear program. Iran complained about the threat of cyber attacks again on Thursday, saying it had detected plans by the United States, Israel and Britain to launch a ‘massive’ strike after the breakdown of talks over Tehrans nuclear activities.

It was not clear if the cyber attack referred to Flame, or a new virus. Symantec declined to comment on who the firm believes is behind Flame.

If Symantec’s conclusions on Flame are confirmed, this could mean that Flame could be used as a weapon to attack computers that run critical infrastructure systems, including dams, chemical plants and manufacturing facilities, security specialists said.

The Islamic republic has been a target of several major cyber attacks in recent years. In September 2010, it was reported that the Stuxnet worm, which is capable of taking over power plants, had infected many industrial sites in Iran.

In April 25, 2011, Iranian officials announced that the country had been targeted by a new computer worm named Stars.

Later, news agencies reported that another computer worm named Duqu had targeted some Iranian organizations and companies.

As for Flame virus, Iran has denied the fact that Kaspersky Lab has uncovered the Flame virus, claiming it was the Maher Center of Iran’s ITC (Information Technology Company) that revealed Flame.

Fars agency reported on June 4 that some countries which have been affected by Flame, asked Iran to help out with the solution against the virus. Australia, the Netherlands, India and Malaysia are among the countries that have contacted Iran’s Maher Centre to ask for the anti-virus programme that detects and destroys Flame.

Iranian communications and IT minister Reza Taghipour on June 20 said a special anti-virus program to remove the Flame virus has been developed and distributed to domestic organizations. Taghipour added that Iran is among the first countries to develop an anti-virus solution for Flame.

The next day Iran’s Intelligence Minister Heidar Moslehi on June 21 said the Islamic Republic is fully prepared to defend its sensitive facilities against enemies’ cyber attacks.

Posted in: iran technology