New computer spying program linked to Flame authors
By Joseph Menn
SAN FRANCISCO | Mon Oct 15, 2012 10:51am EDT
SAN FRANCISCO (Reuters) - The security company that has discovered some of the most sophisticated spying software unearthed to date says it found a related program, dubbed "miniFlame," which can carry out more precise attacks on targets in the Middle East.
While the original Flame virus swept in data from perhaps 5,000 computers, largely in Iran and Sudan, the new miniFlame struck only about 50 "high-value" machines, according to Kaspersky Lab research published on Monday. Iran had previously blamed Flame for causing data loss on computers in the country's main oil export terminal and Oil Ministry.
"Flame acts as a long sword for broad swipes while miniFlame acts as a scalpel for a focused surgical dissection," Roel Schouwenberg, a senior researcher at Moscow-based Kaspersky Lab, told Reuters.
Kaspersky theorized that miniFlame was distributed mainly by Flame and another recently discovered spyware program, Gauss, which was most prevalent in Lebanon and may have been aimed at tracking financial transactions.
Not much is known about miniFlame's victims, except that they were more geographically dispersed than those of Flame and Gauss. Infections were found in Lebanon and Iran most of all but also in the Palestinian Territories, Iran, Kuwait, and Qatar, according to Kaspersky.
Kaspersky and U.S. security software company Symantec Corp have said that some of the code in Flame also appeared in an early version of Stuxnet. Found in 2010 and aimed at Iran's nuclear enrichment program, Stuxnet is sometimes described as the first true cyber-weapon. Cyber experts widely believe Stuxnet is an American project.
Kaspersky and Symantec said in a joint research paper last month that Flame's control software remotely directed a number of smaller programs, and that the effects of only one of those programs were clear.
Symantec said at the time the overall project "fits the profile of military and intelligence operations," in part because encryption kept some operatives in the dark about what data they were taking from infected machines.
The many technological innovations in Flame included its hijacking of Microsoft Corp's Windows Update feature, which is critical for keeping the operating system current as new security problems come to light.
The new discovery concerns one of the smaller programs controlled by the Flame command software, referred to in the original code as SPE.
According to the Kaspersky analysis, it includes a "back door" allowing for remote control, data theft and the ability to take screen shots - or images of the computer screen - as the user engages with Microsoft Office, Adobe Systems Inc's Reader, web browsers, and other applications.
"MiniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage," Kaspersky Chief Security Expert Alexander Gostev said.
Symantec said on Friday it had no new information on Flame or the related programs.
Kaspersky said that miniFlame worked with Flame and Gauss but could also operate independently of both, taking orders from a separate network of command computers. It said the new discovery makes a stronger case for the connection among all the programs, though it has not accused any party of authorship.
Kaspersky said it found six versions of miniFlame, the most recent created in September 2011. Some of the protocols it used dated to 2007, making it a long-running effort.
MiniFlame responded to a series of commands given Anglo first names by the program authors. "Elvis" created a process on an infected machine and "Barbara" took a screen shot. "Tiffany" directed the computer to a new command server.
In a speech on Thursday, U.S. Secretary of Defense Leon Panetta warned that the country could act pre-emptively against imminent cyber attacks that would cause "significant physical damage" or kill U.S. citizens. He said the Pentagon was rewriting its rules for engagement in cyberspace.
Though it has been ramping up its capabilities, the Pentagon has said little in public about what it can do.
(Reporting by Joseph Menn in San Francisco; Editing by Jeffrey Benkoe)