Wednesday, May 30, 2012

Iran: Iran Shows Prompt Response to Israeli Cyber War

Iran Shows Prompt Response to Israel's Cyber War
News number: 9103080189 12:00 | 2012-05-30
http://english.farsnews.com/newstext.php?nn=9103080189
TEHRAN (FNA)- Iran declared on Tuesday that it has produced an anti-virus
program against "Flame," an extraordinarily sophisticated malware that
attacked its servers recently.
In a statement, Iran's National Computer Emergency Response Team said that
"investigations during the last few months" had resulted in the detection of
the virus, which has been dubbed Flame and is capable of stealing data from
infected computers.
"It seems there is a close relation to the Stuxnet and Duqu targeted
attacks," the statement said, adding that the malware's "propagation
methods, complexity level, precise targeting and superb functionality" were
reminiscent of the Stuxnet and Duqu cyber threats to which Iran had also
fallen victim.
Stuxnet was designed to damage Iran's nuclear sites, especially the Natanz
uranium enrichment facility. Duqu, like Flame, was apparently built for
espionage but shared characteristics with Stuxnet.
Iran's National Computer Emergency Response Team also said it has developed
tools to detect and remove Flame from infected computers.
It said that the detection and clean-up tool was finished in early May and
is now ready for distribution to organizations at risk of infection.
Security companies said Flame, named after one of its attack modules, is one
of the most complex threats ever seen.
Iran says its home-grown defense could both spot when Flame is present and
clean up infected PCs.
Flame was discovered after the UN's International Telecommunications Union
asked for help from security firms to find out what was wiping data from
machines across the Middle East.
An investigation uncovered the sophisticated malicious program which, until
then, had largely evaded detection.
An in-depth look at Flame by the Laboratory of Cryptography and System
Security at Hungary's University of Technology and Economics in Budapest
said it stayed hidden because it was so different to the viruses, worms and
trojans that most security programs were designed to catch.
In addition, said the report, Flame tried to work out which security
scanning software was installed on a target machine and then disguised
itself as a type of computer file that an individual anti-virus program
would not usually suspect of harboring malicious code.
Graham Cluley, senior technology consultant at security firm Sophos, said
the program had also escaped detection because it was so tightly targeted.
"Flame isn't like a Conficker or a Code Red. It's not a widespread threat,"
he told the BBC. "The security firm that talked a lot about Flame only found
a couple of hundred computers that appeared to have been impacted."
Mr. Cluley said detecting the software was not difficult once it had been
spotted.
"It's much much easier writing protection for a piece of malware than
analyzing what it actually does," he said. "What's going to take a while is
dissecting Flame to find out all of its quirks and functionality."
It is not yet clear who created Flame but experts say its complexity
suggests that it was the work of a nation state rather than hacktivists or
cyber criminals.
Figures released by Kaspersky Labs in a report about the malicious program
said 189 infections were reported in Iran, compared to 98 in
Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudi Arabia and Egypt
were also hit.
Israel has tried to take the credit for the malware with its Deputy Prime
Minister Moshe Ya'alon saying on Tuesday that "whoever sees the Iranian
threat as a serious threat would be likely to take different steps,
including these, in order to hurt them."
Speaking in an interview with Israel's Army Radio, Ya'alon further hinted
that Jerusalem was behind the cyber attack.
"These achievements of ours open up all kinds of possibilities for us,"
Ya'alon added.
In April, Iran briefly disconnected servers from the net at its Kharg island
oil terminal as it cleared up after a virus outbreak - now thought to be
caused by Flame.
