Owl: Major Cyber-Virus Across Middle East – Probably Israeli

A new, potent, highly complex but large (20 gigs!) Stuxnet-like virus is on the loose – a number of comments after the article here make a very good case that this one is from the Israeli government:

‘Flame’ cyberespionage worm discovered on thousands of machines across Middle East

The UN’s International Telecommunications Union and Kaspersky Lab revealed today that they have discovered Flame, a new trojan rivaling Stuxnet. Codenamed “Worm.Win32.Flame,” the malware is currently being researched and it is described as “one of the most complex threats ever discovered.” It is believed to be active across thousands of computers in the Middle East, primarily in Iran and Israel, as well as on some machines in North Africa. Researchers believe that the trojan’s primary function is cyberespionage: once Flame infects a computer, it is equipped to record audio from connected or built-in microphones, monitor nearby Bluetooth devices, take screenshots, and save data from documents and emails. All of this data, apparently stolen as part of a targeted attack, is constantly sent up to command and control servers. Flame “has no major similarities with Stuxnet” or its malware family member Duqu, and is believed to be created and controlled by a separate group. The newly discovered worm does share some aspects with Stuxnet and Duqu, however. Most disappointingly, Flame takes advantage of the same printer spooling hole and autorun.inf infection methods exploited by Stuxnet. According to Kaspersky Lab’s reports, it’s believed that Flame achieves its initial infection from users who are victims of phishing attacks, and then once it has made it onto a computer it can be spread over local area networks or via USB flash drives to other machines. The bad news is that it’s confirmed that the worm has spread over local area networks to fully-patched Windows 7 systems…