Experts warn W32.Flamer may have been developed by a nation state as part of cyberwarfare activities
by Nick Hopkins
A cyber-attack that targeted Iran’s oil ministry and main export terminal was caused by the most sophisticated computer worm yet developed, experts have warned.
The virus appears to have been directed primarily at a small number of organisations and individuals in Iran, the West Bank, Lebanon and the United Arab Emirates. This will inevitably raise suspicions that Israel or the US were involved in some way.
Analysts who have been decoding the computer worm, which is called W32.Flamer, have been unable to identify the source. But they say only a professional team working for several months could have been behind it.
The CrySyS Laboratory, in Hungary, said: “The results of our technical analysis support the hypothesis that [the worm] was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyberwarfare activities. It is certainly the most sophisticated malware we [have] encountered. Arguably, it is the most complex malware ever found.”
Orla Cox, a senior analyst at Symantec, the international computer security firm, said: “I would say that this is the most sophisticated threat we have ever seen.”
Symantec undertook a detailed analysis of the groundbreaking Stuxnet virus, which targeted Iran’s nuclear enrichment facilities two years ago, sending some of their centrifuges spinning out of control. Cox said W32.Flamer appeared to be even more complex than Stuxnet, and that it was an incredibly clever, comprehensive “spying programme”.
“It is a backdoor worm that goes looking for very specific information. It scrapes a mass of information from any infected machines and then sends it, without the user having any idea what is going on. The amount of information it can send is huge.”
Symantec first started working on the code over the weekend after it was discovered by specialists at the Laboratory of Cryptography and System Security, at the University of Budapest.
Analysis now shows that the worm has been around, undetected, for at least two years, and experts are confident it was responsible for the disruption to Iran’s oil industry last month.