YONI DAYAN: VIRUS ATTACKING IRAN HAS A “SELF-DESTRUCT”ORDER AND LEAVES NO TRACE BEHIND

http://www.jpost.com/MiddleEast/Article.aspx?id=273411

Virus attacking Iran given ‘self destruct’ order

Symantec anti-virus company says directive sent by C&C servers to infected computers will “leave no traces” of malware behind.

The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self destruct, Symantec anti-virus company stated Sunday.

The origin of the Flame virus has been the subject of wide speculation. A number of Israeli computer experts told The Jerusalem Post that the complexity of the Flame bears the hallmarks of a program engineered by a state.

Related:

In an official blog post, Symantec revealed that the virus, which it termed “Flamer,” had been sent an updated directive from its command-and-control (C&C) servers designed to completely remove itself from compromised computers.

According to the post, the command would “leave no traces of the (Flame) infection behind.”

“Any client receiving this file would have had all traces of [Flame] removed,” the blog post stated.

Security experts from the Russian Kaspersky Lab announced Flame’s discovery on May 28, saying it is found in its highest concentration in Iranian computers. It can also be found in other Middle Eastern locations, including Israel, the West Bank, Syria and Sudan.

The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.

It is the most complex piece of malicious software discovered to date, according to Kaspersky Lab’s senior security researcher Roel Schouwenberg.

If the Lab’s analysis is correct, Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu.

In comments that could be construed as suggesting that Israel is behind the Flame virus, Vice Premier Moshe Ya’alon said last month that that “whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them.”

 

Comments are closed.