Spy malware infecting Iranian networks is engineering marvel to behold
Researchers are still wrapping their brains around the mind-blowing "Flame."
The malware, dubbed "Flame" after one of the dozens of modules available for it, immediately evoked memories of Stuxnet, another piece of advanced malware that disabled uranium centrifuges in Iranian nuclear plants. As sophisticated as Stuxnet and a related piece of espionage software known as Duqu are, the latest piece of malware is probably orders of magnitude more sophisticated. When fully installed, it takes up a whopping 20MB, and it also uses SQLite databases and dynamically generated code written in the Lua programming language. Such characteristics suggest the malware, which Kaspersky estimates has been found on about 1,000 computer systems so far, could only have been written by a large team of highly skilled software engineers.
"The really interesting thing here is it seems to be another politically motivated, covert operation," Symantec researcher Liam O Murchu told Ars. "We don't normally see the highest infections in Iran, but we do in this case. Based on that, we're looking at another politically motivated attack, at stealing information, possibly written by a government or government agency."