Flame worm – Iran claims to discover new Stuxnet-like malware


The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted malware attack against the country, which has been dubbed Flame (also known as Flamer or Skywiper).

In a statement, researchers say that they believe the malware is “a close relation” to Stuxnet, and claim that Flame is not detected by any of the 43 anti-virus products it was tested against, but that detection was issued to select Iranian organisations and companies at the beginning of May.

MAHER also says that it has produced a removal tool for the malware. Whether this is built into the recently announced “Iran’s self-built anti-virus” is unclear.

According to the advisory, the Flamer malware can spread (like Stuxnet) via USB sticks and networks.

In addition, the malware (which can infect PCs running Windows XP, Vista and Windows 7) is said to be capable of scooping up passwords, taking screenshots, and stealing data.

Unfortunately, SophosLabs cannot tell you anything about the Flame malware. At the time of writing we don’t know if we have a sample in our malware collection.

We’re hoping that MAHER might publish an MD5 checksum, for instance, which would help us quickly ascertain whether this is a sample of some malware that we’ve seen before. Of course, our labs would also be happy to receive a sample of the malware itself if anyone in Iran would like to share it with us.

The discovery of Flame follows other alleged cyberwarfare attacks on Iran, including Stuxnet, Duqu and the mysterious Stars virus.

Of course, identifying the malware is only part of the story. What will be particularly interesting is to determine whether we can tell who wrote the Flame malware, and why.

Further reading: Flame malware – more details of targeted cyber attack in Middle East

Iran flag in flames image courtesy of Shutterstock.