TEL AVIV — Israel remained cagey in response to Tehran’s claims that Israeli cyber spies were responsible for the virus that stole massive amounts of data from computer networks in Iran, Lebanon, the Palestinian Authority and other points in the Middle East.
In a radio interview May 29, a day after Iran’s Computer Emergency Response Team Coordination Center (CERTCC) confirmed the existence of the so-called Flame virus, Israel’s strategic affairs minister praised his country’s “prolific high-tech sector.”
Noting that Israel is one of a few countries with advanced technologies capable of targeting Iran, Moshe Ya’alon, a former Israel Defense Forces chief of staff, said it was “reasonable” to use such capabilities to hobble Tehran’s pursuit of nuclear weapons.
Others, however, chose to distance Israel from the attack, and spokesmen for the prime minister and defense minister refused to comment.
Mountain View, Calif.-based Symantec described what it calls the W32.Flamer virus as “highly sophisticated and discreet,” and said it “is not likely to have been written by a single individual but by an organized, well-funded group working to a clear set of directives.”
On its official website, the security company said the complexity of the code used in the virus was on par with Stuxnet, the virus that targeted Iranian nuclear fuel centrifuges and has been widely attributed to Israeli and possibly U.S. design.
Symantec said the Flame virus was able to steal documents, take screenshots of users’ desktops, spread through removable drives and disable security products.
“At first glance, it appears to be benign, but further inspection reveals cleverly concealed malicious functionality. ... The architecture employed allows the authors to change functionality and behavior within one component without having to rework or even know about the other modules used by the malware controllers,” Symantec reported.
CERTCC announced May 28 that it had tested 43 antivirus products against Flame, none of which could detect any of its malicious components.
According to CERTCC, the virus distributes itself via removable media and local networks, performs “network sniffing” to detect targeted resources, and collects lists of vulnerable passwords. It can even use the infected system’s attached microphone to record conversations and environmental sounds, the Iranian agency said.
“According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and Duqu targeted attacks,” CERTCC concluded.