Iran Shows Prompt Response to Israel's Cyber War
(FNA)- Iran declared on Tuesday that it has produced an anti-virus program against "Flame," an extraordinarily sophisticated malware that attacked its servers recently.
In a statement, Iran's National Computer Emergency Response Team said that "investigations during the last few months" had resulted in the detection of the virus, which has been dubbed Flame and is capable of stealing data from infected computers.
"It seems there is a close relation to the Stuxnet and Duqu targeted attacks," the statement said, adding that the malware's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which Iran had also fallen victim.
Stuxnet was designed to damage Iran's nuclear sites, specially Natanz uranium enrichment facility. Duqu, like Flame, was apparently built for espionage but shared characteristics with Stuxnet.
Iran's National Computer Emergency Response Team also said it has developed tools to detect and remove Flame from infected computers.
It said that the detection and clean-up tool was finished in early May and is now ready for distribution to organizations at risk of infection.
Security companies said Flame, named after one of its attack modules, is one of the most complex threats ever seen.
Iran says its home-grown defense could both spot when Flame is present and clean up infected PCs.
Flame was discovered after the UN's International Telecommunications Union asked for help from security firms to find out what was wiping data from machines across the Middle East.
An investigation uncovered the sophisticated malicious program which, until then, had largely evaded detection.
An in-depth look at Flame by the Laboratory of Cryptography and System Security at Hungary's University of Technology and Economics in Budapest, said it stayed hidden because it was so different to the viruses, worms and trojans that most security programs were designed to catch.
In addition, said the report, Flame tried to work out which security scanning software was installed on a target machine and then disguised itself as a type of computer file that an individual anti-virus program would not usually suspect of harboring malicious code.
Graham Cluley, senior technology consultant at security firm Sophos, said the program had also escaped detection because it was so tightly targeted.
"Flame isn't like a Conficker or a Code Red. It's not a widespread threat," he told the BBC. "The security firm that talked a lot about Flame only found a couple of hundred computers that appeared to have been impacted."
Mr. Cluley said detecting the software was not difficult once it had been spotted.
"It's much much easier writing protection for a piece of malware than analyzing what it actually does," he said. "What's going to take a while is dissecting Flame to find out all of its quirks and functionality."
It is not yet clear who created Flame but experts say its complexity suggests that it was the work of a nation state rather than hacktivists or cyber criminals.
Figures released by Kaspersky Labs in a report about the malicious program said 189 infections were reported in Iran, compared to 98 in Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudi Arabia and Egypt were also hit.
Israel has tried to take the credit for the malware with its Deputy Prime Minister Moshe Ya'alon saying on Tuesday that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."
Speaking in an interview with Israel's Army Radio, Ya'alon further hinted that Jerusalem was behind the cyber attack.
"These achievements of ours open up all kinds of possibilities for us," Ya'alon added.
In April, Iran briefly disconnected servers from the net at its Kharg island oil terminal as it cleared up after a virus outbreak - now thought to be caused by Flame.