If reports are to be believed, a piece of malware identified as Flame has, for the past two years, been collecting private data from such countries as Iran and Israel and is being described as "one of the most complex threats ever discovered."
The malware, believed to have been operating since August 2010, has infected some 600 targets across a variety of systems, including personal computers and the computers of businesses, universities and governments. Exactly how Flame infects a system is not known, but once it has done so, it goes about gathering vast amounts of data. Chief malware expert Vitaly Kamluk of Russian security firm Kaspersky Lab spoke at length about Flame to the BBC, saying, "Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on."
Comparing it to other malware, such as Wiper, Stuxnet and Duqu, Kamluk said that Flame had not caused any damage to the systems themselves but was collecting large amounts of sensitive information. Kaspersky believes that Flame is possibly "state sponsored" but cannot identify its source. Analysis has revealed that it is much larger than other malware such as Stuxnet, being almost 20 times its size at 20MB, but a complete analysis, according to the firm, would take several years.
Apparently, it was Flame that was responsible for "recent incidents of mass data loss," according to Iran’s National Computer Emergency Response Team. So far, Flame has affected systems in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Speaking about Flame’s provenance, Kamluk said, "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group," adding, "The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it."
Commenting upon Flame, Prof. Alan Woodward, from the Department of Computing at the University of Surrey, told the BBC, "This (Flame) is basically an industrial vacuum cleaner for sensitive information. Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."