Flame built by government - Kaspersky
05 July 2012, 15:50
Moscow - While the identity of the Flame virus authors remains elusive, a security company is convinced that the evidence points to a sophisticated government operation.
"Who built Flame? It's some government; I don't know which exactly because we don't have any real hard proof, but it's not the usual cybercriminals," Alex Gostev, chief security expert at Kaspersky Lab told News24.
He said that though Flame made headlines, it was not the first super virus and it is likely that the developers are already working on a more advanced version.
"The guys behind Flame spent at least four years [to build it]. It's not only one - there are different variants: The first one we found in 2008 and the last one was from 2011."
Flame's design was different to the usual malware in that it specifically targeted users in the Middle East and Iranian Oil Ministry computers in particular.
Gostev said that the skills and network to develop and distribute the virus was extensive and an indicator of the financial resources of its backers.
"It's not only a question of how many people, but how much money they spent to invest. They used really unique crypto algorithm that never before has been used in malware.
"It's a targeted attack of course and I don't know how many targets there are. We found about 500 victims, but I know that in reality it's much higher."
Kaspersky Lab linked the Flame virus to an earlier Stuxnet worm that was identified in 2010, and Gostev said that because there were observable patterns with an earlier worm called Duqu, one could deduce that the same organisation built the malware.
"I think Duqu was created by the same people who created Flame and Stuxnet. When we looked at the information from the common servers, we found some peaks during hours - the same time zone as Moscow, for example," said Gostev.
The US has said that it expects that the next major war will be fought in cyberspace and has spent significant resources to beef up cyber defence capability.
Gostev agreed that cyber war designed to cripple electricity and water infrastructure will most likely be a precursor to an armed conflict.
"A cyber war should be a part of a real war - real military conflict - it's perhaps a zero stage before sending in the troops and bombers.
"Right now it's some kind of intelligence operations - some kind of cold war. In the future it can be more dangerous. Right now we have Stuxnet which destroy something in the real world. From the virtual world, we can destroy real objects."
- Follow Duncan on Twitter
Malware has evolved to match consumer patterns. In this YouTube video, Vitaly Kamluk, chief malware expert at Kaspersky lab explains the process: