I'm betting the US made the latest cyberweapon spreading around the world, but Israel is also a prime candidate. Flame was aimed at Iran and they are the biggest victim, but it is now spreading.
A massive, data-slurping cyberweapon is circulating in the Middle East, and computers in Iran appear to have been particularly affected, according to a Russian Internet security firm.
Moscow-based Kaspersky Lab ZAO said the "Flame" virus was unprecedented both in terms of its size and complexity, possessing the ability to turn infected computers into all-purpose spying machines that can even suck information out of nearby cell phones.
"This is on a completely different level," Kaspersky researcher Roel Schouwenberg said in a telephone interview Tuesday. "It can be used to spy on everything that a user is doing."
Flame is the third major cyberweapon discovered in the past two years, and Kaspersky's conclusion that it was crafted at the behest of a national government fueled speculation that the virus could be part of an Israeli-backed campaign of electronic sabotage aimed at archrival Iran.
Although their coding is different, Schouwenberg said there was some evidence to suggest that the people behind Flame also helped craft Stuxnet, a notorious virus that disrupted controls of some nuclear centrifuges in Iran in 2010.
"Whoever was behind Flame had access to the same exploits and same vulnerabilities as the Stuxnet guys," he said, speculating that two teams may have been working in parallel to write both programs.
Flame appears focused on espionage. The virus can activate a computer's audio systems to eavesdrop on Skype calls or office chatter, for example. It can also take screenshots, log keystrokes, and, in one of its more novel functions, steal data from Bluetooth-enabled cell phones.
Udi Mokady, chief executive of Cyber-Ark, an Israeli developer of information security, said he thought four countries, in no particular order, had the technological know-how to develop so sophisticated an electronic offensive: Israel, the U.S., China and Russia.
"It was 20 times more sophisticated than Stuxnet," with thousands of lines of code that took a large team, ample funding and months, if not years, to develop, he said. "It's a live program that communicates back to its master. It asks, 'Where should I go? What should I do now?' It's really almost like a science fiction movie," he said.
Kaspersky said it had detected the program in hundreds of computers, mainly in Iran but also in Israel, the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Schouwenberg, the Kaspersky researcher, said stolen data was being sent to some 80 different servers, something which would give the virus's controllers time to readjust their tactics if they were discovered. He added that some of Flame's functions still weren't clear.