fb-pixel Skip to main content

Computer virus linked to spying

NEW YORK ­— A complex computer virus has been pilfering confidential information from computers in the Middle East for at least two years, according to a security report released Monday.

The virus, called Flame, has been infecting computers in Iran, Israel, Lebanon, Sudan, Syria, Saudi Arabia, and Egypt.

It has been grabbing images of users’ computer screens, recording their instant messaging chats, remotely turning on their microphones to record their audio conversations, and monitoring their keystrokes and network traffic, according to a report by Kaspersky Labs, a Moscow-based security research firm.

If the report’s findings prove to be true, Flame would be the third major Internet weapon to have been discovered since 2010.


The first, named Stuxnet, was intended to attack software in specialized industrial equipment and was ultimately used to destroy centrifuges in an Iranian nuclear facility in 2010. The second virus, called Duqu, like Flame, performed reconnaissance. Security researchers believe Duqu was created by the same group of programmers behind Stuxnet.

The researchers said Flame appeared to have been developed by a different group of programmers. It contains 20 times more code than Stuxnet and is much more widespread than Duqu.

Researchers believe Duqu hit fewer than 50 targets worldwide. Kaspersky’s researchers said they had detected Flame on thousands of computers belonging to individuals, private companies, and universities across the Middle East.

‘‘Flame can easily be described as one of the most complex threats ever discovered,’’ Alexander Gostev, head of Kaspersky’s global research and analysis team, wrote in a blog post Monday. ‘‘It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.’’

Researchers say they do not know who is behind the virus, but given its complexity and the geography of its targets, they said it was most likely being staged by a government. The targets of Stuxnet and Duqu suggest to some researchers that they may have been part of a joint US-Israeli project to sabotage Iran’s nuclear program.


Kaspersky’s researchers said the majority of computers infected with Flame were in Iran. Like Duqu and Stuxnet, Flame infects machines through a known security hole in the Windows operating software.