Introducing “Flame”: Round Three in the Cyber War on Iran

In round the First there was Stuxnet.  Stuxnet was, when discovered, the most sophisticated malware known.  It was specifically targeted at the industrial electronic controllers essential to the gas centrifuges used by Iran in their Nucelar weapons program.  While Iran has been reticent and conflicted in their reporting of the effects, experts believe the malware caused a significant degradation of the Iranian nuclear program.


In round the Second there was Duqu, the son of Stuxnet.  Duqu was less of a direct malware and more of an intelligence collection tool.


Round three was kicked off five years ago and has been dubbed “Flame.”


Iran hit by new powerful cyber weapon ‘Flame’

By AP | Jerusalem Post

BOSTON – Security experts have discovered a new data-stealing virus dubbed Flame, and found that the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.

Experts say the virus  has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.

It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.

Schouwenberg said he did not know who built Flame.

If the Lab’s analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

The discovery by one of the world’s largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.

“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Schouwenberg said in an interview.


Capabilities of the Flame malware are believed to be:

  • Gather and transmit local files
  • Remotely change system settings
  • Turn on PC microphones to record conversations
  • Capture and transmit screen shots
  • Capture and transmit chat sessions

Nothing has been reported in terms of malicious payloads as of yet, but the information gleaned from the above listed data capture features would be a strike planner’s dream list.

It’s likely to be a long hot summer.


PC Magazine reports these additional features of Flame:

  • File Compression and Decompression
  • Database Manipulation
  • Network Packet Analysis and Sniffing

    As well as these infection statistics:

    Iran 189 infected systems
    Israel/PA 98 infected systems
    Sudan 32 infected systems
    Syria 30 infected systems
    Lebanon 18 infected systems
    Saudi Arabia 10 infected systems
    Egypt 5 infected systems

    To Those Who Served In The Military
    Third Attempted Murder via SWAT