A new form of malware has been discovered that has apparently been targeting systems based in the Middle East since 2010. The complex virus appears to be state-sponsored, according to Kaspersky Labs, but the firm has been unable to determine which state is responsible for it.
The virus package exhibits backdoor, Trojan and worm-like features and is reportedly similar to the Duqu and Stuxnet viruses, though it is considerably larger: the entire package is about 20MB in size.
“The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine.”
The various modules of the virus are still being examined to determine what Flame is up to, but some preliminary findings are available.
“From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence – e-mails, documents, messages, discussions inside sensitive locations, pretty much everything. We have not seen any specific signs indicating a particular target such as the energy industry – making us believe it’s a complete attack toolkit designed for general cyber-espionage purposes.”