(LiveHacking.Com) – Iran’s Computer Emergency Response Team (CCCERT) has released a tool that can detect and remove the Flame worm, malware being described as “the most sophisticated cyber weapon yet unleashed”. This is the first tool released to tackle the malware, which, according to a report from the CrySyS Lab, was first spotted in Europe in 2007. According to the BBC, the detection and clean-up tool was written in early May, and Iran’s National Computer Emergency Response Team is now ready to distribute it to organisations at risk of infection.
Flame is a sophisticated piece of surveillance malware: it can record audio, log keystrokes and even enumerate nearby Bluetooth devices. It also has a modular design that lets its operators push new functionality to a machine that is already infected. In addition, Flame appears to check which anti-virus product is installed on a target machine and then disguise its components as file types that are not normally scanned for viruses or malware.
According to Kaspersky, 189 infections have been reported in Iran, compared with 98 in Israel and the Palestinian territories and 32 in Sudan. Reports indicate that Syria, Lebanon, Saudi Arabia and Egypt have also been hit.
Back in April, Iran was forced to disconnect some of the computers at its Kharg Island oil terminal because of a malware outbreak. At the time the malware was unidentified, but it is now believed to have been Flame. The National Iranian Oil Company (NIOC) disconnected some of its computers from the Internet to stop the malware spreading further; the terminal itself remained operational.
An analysis by Symantec says that “the complexity of the code within this threat is at par with that seen in Stuxnet and Duqu, arguably the two most complex pieces of malware we have analyzed to date. As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives.”