MANILA, Philippines — The newly discovered computer virus being used for cyber espionage in Middle Eastern nations could not be pinned on run-of-the-mill cybercriminals out to get some money, experts from security firm Symantec revealed on Wednesday.
In an interview with InterAksyon, Symantec executive Ken Celik said their analysis of the recently discovered “Flame” virus indicates that it isn’t everyday hackers that are behind the attacks, suggesting other more sinister organizations could have launched the malware.
The Flame virus has been compared with the widespread targeted malware Stuxnet and Duqu, which were reportedly launched some two years ago to quell the nuclear plans of Iran.
Now, security experts are indicating that the Flame virus could be worse than Stuxnet and Duqu, and has left many forensic analysts from computer security companies baffled by its traits and origins.
“What we can say at best is it is very sophisticated technology, it is not something that was written overnight,” Celik told InterAksyon. “It is something that has been sponsored and paid for potentially by cyber terrorists.”
Pressed for more, Celik refused to specifically identify the possible origins of the malware, only saying that it is “sponsored by cyber terrorists, organized crimes, or nation-states.”
“But can we prove it? The answer is no,” he stressed. “But our understanding of the code indicates that it isn’t everyday hackers that would be doing this.”
Various reports, however, have suggested that the US and Israel could be behind the attacks, as they have been previously linked to the already decapitated Stuxnet worm.
In the past, the US had admitted to launching cyber warfare initiatives against the likes of Al-Qaeda, whose online propaganda efforts had been thwarted by the US government, according to Secretary of State Hillary Clinton.
According to Symantec’s analysis, the threat has appeared on their radar in the past two years and has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products, and under certain conditions spread to other systems.
Celik said it is one of the most sophisticated forms of malicious code they have ever encountered, as it possesses the ability to hide itself and pretend to be a file that has been natively signed by the operating system.
Initial Symantec studies suggest that infected units are located primarily in the Palestinian West Bank, as well as in Hungary, Iran, Lebanon, Russia, Austria, Hong Kong, and the United Arab Emirates.
No specific industries or companies are being targeted by the virus, Symantec said, with initial evidence suggesting that many are targeted for their personal activities, as opposed to their employment status.
“Interestingly, in addition to particular organizations being targeted, many of the attacked systems appear to be personal computers being used from home Internet connections,” the company, which manufactures the antivirus software Norton, added.
According to Symantec’s recent Internet Security Threat Report 17, released Wednesday, the number of targeted attacks increased dramatically during 2011 from an average of 77 per day in 2010 to 82 per day in 2011.
The report also projected that targeted attacks and Advanced Persistent Threats will continue to be a serious issue and the frequency and sophistication of these attacks will increase.
Overall, malware activity in 2011 almost doubled to reach 5.5 billion instances during the period, the report added, with the recent spate of “hacktivism” contributing to the peak in malware numbers.