More complex than previously discovered computer viruses, experts say they are unique.

After Iran acknowledged that its oil sector had been affected by a computer virus "flame", experts from several anti-virus companies said the "Flames" were unique and more complex than previously discovered viruses.

Code prints up to 2400 meters

The "flame" virus has raised concerns about cyber espionage, and the Iranian network security Agency says the "flame" is "closely related" to the famous "Stuxnet" and Duqu virus. "Quake Nets" and Duqu are seen as the first two types of "cyber spy warfare weapons."

The "Quake Net", which was discovered in July 2010, specifically aimed at a computer-controlled system for infrastructure such as water supply and power generation, which was designed and manufactured by Siemens in Germany, has admitted that the "quake net" has affected some centrifuges in its nuclear plant. The Duqu virus is also an industrial control system designed to collect information. Most anti-virus experts believe that the "quake net" and Duqu sources are the same, requiring a long period of cooperation between many people to complete, so it may be the work of an organization or government agencies.

Compared with the "Earthquake Net", the most intuitive feature of the "flame" virus is that the code is large, reaching 650,000 lines, 20 times times the former. This large malware is often called the "Hundred meter race" by insiders, referring to the length of the paper printed by the code. The "Flame" code prints out the length of the paper up to 2400 meters.

Can be all industry information

From a functional point of view, "quake nets" and Duqu can destroy a target, and "flame" is to collect sensitive information in various industries. "Flames" spread mainly in the Middle East, but can be targeted at a number of different industries, according to the media, David Marcus, a company responsible for security research and other experts at the antivirus enterprise McAfee. It is actually a toolkit, and when the computer infects the original "flame" virus, the computer is installed with a specific task module.

Researchers have found that these specific task modules capture keyboard taps, steal passwords, delete hard disk data, activate voice systems to eavesdrop on Internet telephony and chat content, and even use Bluetooth to steal content from smartphones and tablets connected to infected computers.

Exploits known vulnerabilities

Marcus explained that one of the big reasons for "the quake" was that it used a "0 vulnerability" attack, in which virus writers exploited the 4 system vulnerabilities they found to launch an attack before software companies released patches. But the "flame" uses all known vulnerabilities, including even the two vulnerabilities that "quake nets" have attacked.

As a result, "flame" writers are likely to do a lot of research, analysis of the target computer operating system, found that the target has not patched some system vulnerabilities, mastered the best way to penetrate these systems.

The Bluetooth signal delivery instruction is also a rare feature. McAfee researchers have successfully shut down several servers that send instructions to infected computers. But even if the connection to the server is cut off, the attacker can still close control of the infected computer via Bluetooth signals.

The main poison in the Middle East

According to the information Security Enterprise Kaspersky Lab data, "fire" attacks are mainly concentrated in the Middle East: Iran 189, Cisiordania 98, Sudan 32, Syria 30, Lebanon, Saudi Arabia and Egypt also found the virus. The International Telecommunication Union in Geneva says "Fire" is a dangerous spy tool that can be used to attack critical infrastructure. This is the most serious warning the organization is sending. Anti-virus software company Symantec said that some of the "flame" characteristics are not seen before, its complexity is like "the use of nuclear weapons to smash walnuts."

Although "Flames" are more complex than previously discovered, Marcus says it is too early to determine where a computer virus, or even cyber-espionage, is in its history.

Link

Iran says "fire extinguishing" software

Iran's deputy Minister of Communications and Information technology, Ari Hakim Jawadi, May 31 to state television said Iranian experts have designed to clear the "flame" virus software.

Jawadi said the anti-virus software was developed by the Iranian National Computer Emergency Response Team to detect and remove the "flame" virus. He said the "flame" was more destructive than the "quake net" worm that was discovered in 2010.

Iranian officials said the "flame" virus attempted to collect key information from the Iranian oil industry, which had an impact on the Iranian oil network in April, leading to a brief cut in Iran's links with the internet, such as the oil ministry and the oil Export data center.

Wulam Sas Jalali, head of the anti-cyber sabotage agency in Iran, said the "flame" virus had invaded computers in some Iranian industries, "fortunately discovered in time by Iran". Only the oil industry in Iran has been severely affected by the "flame" virus, but its lost data have been restored.

Iranian media have pointed out that the "flame" virus may have been activated 5 years ago or even 8 years ago, the United States and Israel have the ability to design "flame" virus, using computer viruses to attack Iran's key industries and nuclear facilities system is a Western response to Iran's nuclear program is one of the means.

Kaspersky Laboratories believe that the "flame" virus since March 2010 "rampant", because of its structural complexity and target selectivity, security software has been unable to find it. Many technicians speculate that, from the complex structure of the "flame" virus and the range of attacks, the virus may have the backing of a country's official agencies.

"Background Information"

Iran repeatedly attacked by virus

July 2010, German experts announced the discovery of the "earthquake nets" virus, Iran, Indonesia, India and other countries, some computer users reflect the virus attack. The virus is highly contagious to computers and can seriously threaten the safety of industrial systems. Western media then speculated that the target of the "quake net" virus was Iran's Bushehr nuclear power plant.

In September 2010, tens of thousands of internet terminals in Iran were infected with "earthquake nets" virus. Iran later postponed the time of the Bushehr nuclear power plant.

Iran suddenly announced a temporary unloading of nuclear fuel from the Bushehr nuclear power plant in February 2011, but did not disclose specific reasons. Because it is rare to unload unused nuclear fuel in the nuclear industry, public speculation is that the nuclear power plant system has been hit by "network" viruses, but Iranian officials have repeatedly denied it.

Dynamic

Israel denies "arson"

An Israeli government spokesman May 31 denied that the party was behind the "flame" virus attack.

The spokesman, who declined to be named, told BBC News that Israeli Deputy Prime Minister Moses Aalon's comments had been misunderstood, and that "nothing in what he said in the interview implied that Israel was associated with the virus".

Israel's deputy prime minister, Aalon, told the military radio: "Some Western governments have high technology, and they view Iran, especially Iran, as a real threat to the field of nuclear threats." ”

"I can imagine that not only Israel, including the whole of the West, which is headed by the United States, all those who see Iran as a major threat may take any action to sabotage Iran's nuclear program." ”

Experts say countries should join forces to "extinguish fire"

Many security experts believe that the current "flame" of the source of the verdict is premature, countries should study and take measures as soon as possible.

Kaspersky Lab May 28 reported that the "flame" virus is part of the characteristics of the previous attack on Iran's nuclear facilities computer system, "network" worm, the Iranian side accused the United States and Israel behind the scenes.

However, a spokesman for the Israeli government, who declined to be named, May 31 denied that the virus was linked to Israel. Another speculation is that "flames" are associated with the United States, an unnamed U.S. government official told NBC, the United States planned the attack, but he admitted that there is no "first-hand information."

Former assistant Secretary of defense of the United States, Nye, a professor at Harvard University, published in late April in an article entitled Cyber War and Peace, said that the deepening reliance on network computers and network communications made the United States more vulnerable than other countries, and that cyberspace had become a major source of unease because, at the current stage of technological development, Attacks in cyberspace are stronger than defenses. He believes it is time for states to sit down to discuss how to limit cyber attacks to the threat to world peace.