More malware targeting Iran could yet be discovered

Screengrab of Flame The sophistication of Flame helped it avoid detection by security software

Related Stories

Fresh analysis of the malware Flame suggests it could be part of a much wider "family".

Flame is believed to have targeted sensitive data in Iran. It has already been linked to Stuxnet, which was aimed at Iran's nuclear infrastructure.

Analysis of the server controlling the malware suggests three similar pieces of code are as yet undiscovered.

The study also suggests Flame dates back to 2006, much earlier than previously thought.

Discovered in May, Flame has already been linked to Stuxnet, a worm that attacked Iran's nuclear infrastructure, and Duqu, a data-stealing worm that also infected some of Iran's computer systems.

The new report is a joint study from security firms Symantec, Kaspersky, the Crypto Labs in Budapest and the UN's International Telecommunications Union.

They were given access to the command and control servers of Flame.

Spelling mistake

It revealed the servers were using four communications protocols, only one of which was being used by Flame.

"I can't imagine that the other three were not being used. The conclusion seems to be that there is something else out there," said Prof Alan Woodward, a visiting professor at the University of Surrey's department of computing.

Flame has been described as one of the most complex computer threats ever discovered, but the study suggests attempts to destroy all evidence of it went wrong because of a spelling mistake.

"One might imagine that this type of code had a 'kill' button but in fact they had to program it," said Prof Woodward,

"Those behind it did try and destroy it. They may have known that they were about to be rumbled, but they failed at the last minute by mistyping the name of the file," he added.

Many believe the complexity of Flame and the other pieces of related malware points to state-sponsorship, but Prof Woodward said the latest analysis showed little involvement from intelligence agents.

"They don't start from the perspective of what can I look for. It appears to be written by computer analysts not intelligence analysts," he said.

More on This Story

Related Stories

More Technology stories

RSS

Features

  • ScissorsWithout Scotland?

    How might things change for the rest of the UK?


  • Diagrams showing bowler and batsmanAnyone for Vigoro?

    The bizarre Edwardian attempt to merge tennis and cricket


  • Payton McKinnonKilling heat

    Why so many American children die in hot cars


  • Dr Mahinder Watsa Dr Sex

    The wisecracking 90-year-old whose agony column is a cult hit


  • Prince George and the Duke and Duchess of Cambridge outside St Mary'sIn pictures

    Prince George has had an eventful first year


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.