Iran Finds New Stuxnet Strain Dubbed Flame

According to the Iranian Computer Emergency Response Team (MAHER) a new cyber cyberespionage threat has surfaced that seems to be related to Stuxnet.  This new malware strain appears to be more complex and much larger in file size then Stuxnet according to malware experts at Kaspersky Labs. They are calling this new threat "Flame".

Kaspersky reports that part of Flame is writtin in LUA, a program language common for games.  This is the first time they have seen malware written in such a language.

Flame spreads to other computers through USB devices and from a security hole found in the Microsoft operating system that has been patched some years ago.  This is also how Stuxnet spread.

What I find interesting is that the Flame virus does not fully execute it's self if antivirus software is installed on the computer.  By not ringing any bells or doing anything too malicious the software can fly under the radar.  This is truly a more complex virus.  Too complex for a single individual to create which leads most experts to believe a nation state is behind this threat. The origins of this virus is unknown but acording to Symantec researchers who analyzed the code it seems to be written by predominantly English speaking programmers.

The purpose of Flame seems to try and steal private information such as user names and passwords. This appears to be only a small part of what this malware is capable of doing.

Researchers from the Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics are calling this threat sKyWiper.  They say this sKyWiper is the most complex malware virus they have ever encountered. Acording to the university it covers all major possibilities to gather intelligence, including keyboard, screen,
microphone, storage devices, network, wifi, Bluetooth, USB and system processes. See http://www.crysys.hu/skywiper/skywiper.pdf