A newly discovered malicious software program is one of the most comprehensive and sophisticated attack kits yet discovered, according to the software firm Kaspersky Lab.
Kaspersky discovered the malware, which it is naming “Flame,” while doing separate research for the International Telecommunication Union, a United Nations agency specializing in information and communications technology.
The program can steal information including computer screen shots and stored files. It can also record audio conversations via a computer’s microphone, according to Kaspersky. The program can also collect information through devices that use Bluetooth, the short range wireless communications protocol. Collected information is then sent back to a network of command and control servers located in many different parts of the world.
Hundreds of computers have been infected in several countries, mainly in the Middle East and including Iran, Israel, Saudi Arabia, and Sudan, Kaspersky said. Victims have ranged from individuals to “certain state-related organizations or educational institutions.” Kaspersky also said it was currently unclear who may have created the program.
Flame is also considerably larger than most malware programs that have been detected, Kaspersky said. The program has about 20 modules in total “when fully deployed.” The purpose of most of the modules, however, is still being investigated, the security company said. Kaspersky also said the malware has been in operation for at least two years.
The program appears to be able to spread throughout a local network through ways including USB sticks and a vulnerability related to printers. By spreading in such ways, the program would be similar to the Stuxnet worm. Stuxnet, discovered in 2010, was considered by many to be the first program that could effectively spy on and damage industrial control systems.
Kaspersky said it would continue to conduct more in-depth research on the program and would reveal more information as it becomes known.