A sophisticated cyber weapon has now also been discovered on computers in the UAE and Saudi Arabia, after hitting Iran earlier, prompting security concerns for energy firms based in the Gulf and industrial plants.
The virus, dubbed “Flame”, is capable of spying on various computer files, notably those created by industrial engineers. Flame has largely targeted computer users in Iran in what some experts have suggested is a deliberate attack on the country’s nuclear programme.
But a handful of computers in the Gulf region have also been infected by the virus, or “malware”, according to the Kaspersky Lab, the anti-virus firm based in Moscow that discovered Flame. “The malware is designed to act like a cyber-espionage kit,” said Stefan Tanase, Senior security researcher at Kaspersky.
“It’s a tool for spying on users actions.” Microsoft warned PC users that the Flame virus that attacked systems across the Middle East infects computers by exploiting a flaw in the Windows operating system. The company released software to protect against infections exploiting the previously undisclosed flaw.
While those numbers are small, the cases are significant because fewer than 500 computers worldwide are thought to have been infected with Flame. The largest rates of infection are in Iran, where the virus has been identified on 189 computers, and the Palestinian Territories, where Kaspersky has detected 98 cases.
“The attackers can choose which files they want to download,” he said. Flame has a “very specific interest” in AutoCAD files, which can be used by engineers for industrial projects.
Flame uses a different coding platform to Stuxnet and Duqu, suggesting it was created by a different team. But Tanase said Flame could be “a parallel project” because all three viruses targeted this region.