The Freeland File
Aerospace & Defense
Global Market Data
Lucy P. Marcus
David Cay Johnston
The Great Debate
Jack & Suzy Welch
Macro & Markets
Lipper Awards 2012
Personal Finance Video
Japan brandname firms shut China plants after protest violence
Crude oil ought to be $150 per barrel: Iran
16 Sep 2012
Japan's ambassador-designate to China dies in Tokyo - ministry
16 Sep 2012
Muslim protesters rage at United States in Asia, Middle East
Iran's Revolutionary Guards commander says its troops in Syria
16 Sep 2012
U.S. ambassador to Libya, three staff killed in rocket attack
Egyptians angry at film scale U.S. embassy walls
U.S. embassies attacked in Yemen, Egypt after Libya envoy killed
Our day's top images, in-depth photo essays and offbeat slices of life. See the best of Reuters photography. See more | Photo caption
Return of Occupy
Protesters return to the streets to mark the one year anniversary of the Occupy Wall Street movement. Slideshow
Will & Kate's Asia tour
The royal couple are on a nine-day tour of Southeast Asia and the South Pacific. Slideshow
Cyber clues link U.S. to new computer viruses
Oracle fixes bugs in Java that expose PCs to hackers
Thu, Aug 30 2012
Cyber spying spreads in Iran after operation blown: researchers
Wed, Aug 29 2012
UPDATE 1-Cyber spying spreads in Iran after operation blown -researchers
Wed, Aug 29 2012
U.S. looks into claims of security flaw in Siemens gear
Tue, Aug 21 2012
Insight: Experts hope to shield cars from computer viruses
Mon, Aug 20 2012
By Jim Finkle
Mon Sep 17, 2012 9:01am EDT
BOSTON (Reuters) - Researchers have found evidence suggesting that the United States may have developed three previously unknown computer viruses for use in espionage operations or cyber warfare.
The findings are likely to bolster a growing view that the U.S. government is using cyber technology more widely than previously believed to further its interests in the Middle East. The United States has already been linked to the Stuxnet Trojan that attacked Iran's nuclear program in 2010 and the sophisticated Flame cyber surveillance tool that was uncovered in May.
Anti-virus software makers Symantec Corp of the United States and Kaspersky Lab of Russia disclosed on Monday that they have found evidence that Flame's operators may have also worked with three other viruses that have yet to be discovered.
The two security firms, which conducted their analyses separately, declined to comment on who was behind Flame. But current and former Western national security officials have told Reuters that the United States played a role in creating Flame. The Washington Post has reported that Israel was also involved.
Current and former U.S. government sources also told Reuters that the United States was behind Stuxnet. Kaspersky and Symantec linked Stuxnet to Flame in June, saying that part of the Flame program is nearly identical to code found in a 2009 version of Stuxnet.
For now, the two firms know very little about the newly identified viruses, except that one of them is currently deployed in the Middle East. They are not sure what the malicious software was designed to do. "It could be anything," said Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team.
Kaspersky and Symantec released their findings in reports describing analysis of "command and control" servers used to communicate with and control computers infected with Flame.
Researchers from both firms said the Flame operation was managed using a piece of software named "Newsforyou" that was built by a team of four software developers starting in 2006.
It was designed to look like a common program for managing content on websites, which was likely done in a bid to disguise its real purpose from hosting providers or investigators so that the operation would not be compromised, Kaspersky said in its report.
Newsforyou handled four types of malicious software: Flame and programs code-named SP, SPE and IP, according to both firms. Neither firm has obtained samples of the other three pieces of malware.
Kaspersky Lab said it believes that SP, SPE and IP were espionage or sabotage tools separate from Flame. Symantec said it was not sure if they were simply variations of Flame or completely different pieces of software.
"We know that it is definitely out there. We just can't figure out a way to actually get our hands on it. We are trying," Symantec researcher Vikram Thakur said in an interview.
About a dozen computers in Iran and Lebanon that are infected with one of the newly identified pieces of malware are trying to communicate with command and control servers, according to Kaspersky Lab.
The researchers found a large cache of data on one of the command and control servers, but cannot analyze it because it is encrypted using a password that they said would be virtually impossible to crack.
They believe that it was encrypted so heavily because the people coordinating the attack did not want the workers using the Newsforyou program to be able to read potentially sensitive information.
"This approach to uploading packages and downloading data fits the profile of military and/or intelligence operations," Symantec said in its report.
(Editing by Eric Walsh)
Related Quotes and News
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Be the first to comment on reuters.com.
Add yours using the box above.
Back to top
New York Legal
Support & Contact
Connect with Reuters
Our Flagship financial information platform incorporating Reuters Insider
An ultra-low latency infrastructure for electronic trading and data distribution
A connected approach to governance, risk and compliance
Our next generation legal research platform
Our global tax workstation
About Thomson Reuters
Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on Reuters.com, video, mobile, and interactive television platforms. Thomson Reuters journalists are subject to an Editorial Handbook which requires fair presentation and disclosure of relevant interests.
NYSE and AMEX quotes delayed by at least 20 minutes. Nasdaq delayed by at least 15 minutes. For a complete list of exchanges and delays, please click here.