Iran worst affected by 'Flame' malware, which could be trying to slow its nuclear programme.
Israel suspected of 'cyberweapon' strike on Middle East computers
A malware superbug described as the most complex and sophisticated "cyberweapon" ever devised has attacked computers in Iran and elsewhere in the Middle East, a Russian digital-security provider says.
Although it is one of the countries apparently affected, Israel did little to dampen speculation yesterday about its possible involvement in the malware virus "Flame".
"Whoever sees the Iranian [nuclear] threat as a significant threat is likely to take various steps, including these, to hobble it," the Israeli vice premier, Moshe Yaalon, told Army Radio. "Israel is blessed with high technology and we boast tools that open all sorts of opportunities for us."
The virus could mark a new era in cyberwarfare, in which Iran's enemies try to slow its nuclear programme without resorting to military strikes that could destabilise the Middle East and beyond, experts say.
But Iran also has the ability to hit back on the cyber front and could wreak havoc on the global economy if it chooses to retaliate against virus attacks or increasingly punitive western sanctions, others warned.
"Oil loading in the Gulf is done by computer and Iran is quite good at cyber-warfare," said Gary Sick, an Iran expert at Columbia University in New York who was the chief White House aide on issues related to Iran during the 1979 Iranian revolution.
"Nobody's ever seen what could be done if there is a sophisticated cyber-attack against oil production facilities," he added.
Kaspersky Lab, which discovered the Flame malware, believes it is state-sponsored, but is not sure of its exact origins. Nor did it say at which country the virus was aimed.
But the Moscow-based company said Flame may have been created on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear programme two years ago.
Kaspersky, one of the world's biggest producers of anti-virus software, said on its website that "the complexity and functionality of the newly discovered malicious programme exceed all those of all other cyber menaces known to date".
Iran, which insists its nuclear activities are solely for peaceful purposes, blamed Israel and the United States for the Stuxnet attack that sent its uranium-enrichment centrifuges spinning out of control. Neither country confirmed its involvement.
Iran's national computer emergency response team posted a security alert yesterday stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
Tehran also said it had produced an anti-virus capable of identifying and removing the malware.
Computers at Iran's oil ministry were attacked in late April by a data- deleting virus similar to Flame.
The incident was played down by the Iranian government at the time and it is not clear whether sensitive data was lost.
Flame, described as an industrial vacuum cleaner for sensitive information, is thought to have been in operation since at least 2010.
It contains 20 times as much code as Stuxnet and is 100 times more complex than a typical virus designed to steal financial information, Kaspersky Lab said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
Its main goal is espionage rather than sabotage.
Iran's military has established a special unit to defend the country against computer attacks, which works closely with the defence, intelligence and communications organisations.
Among other countries affected by the Flame virus are Sudan, Syria, Lebanon, Saudi Arabia and Egypt. Kaspersky said Iran was by far the worst affected.