# Massive Spy Malware Infiltrating Iranian Computers



## TechSocial (Dec 20, 2011)

A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.



----------



## ekim68 (Jul 8, 2003)

Wow, it is huge...This from that article:



> Gostev says that because of its size and complexity, complete analysis of the code may take years.
> 
> "It took us half-a-year to analyze Stuxnet," he said. "This is 20-times more complicated. It will take us 10 years to fully understand everything."


----------



## ekim68 (Jul 8, 2003)

And more:

An astonishingly comprehensive and stealthy beast, but Flame virus doesn't pose a risk to the public... yet



> Ever since word of the Flame virus first got out the superlatives have come in thick and fast.
> 
> Analysts have competed with themselves to describe it as the most complex, the deadliest, largest and most comprehensive virus ever uncovered. In many ways it is all these things and more. But does it pose a risk to the average internet user?
> 
> The short answer at the moment is no. Whoever created Flame did it with a very specific agenda - the targeted acquisition of intelligence on very specific networks primarily in the Middle East.


----------



## Elvandil (Aug 1, 2003)

It's not exactly "massive". Estimates are that fewer than 5000 machines are infected in the entire world.


----------



## ekim68 (Jul 8, 2003)

What's 'massive' to me is the number of things it does....It seems to be prepared for many alternatives...And still collect information...


----------



## Elvandil (Aug 1, 2003)

Yes, it is an amazing virus. It can even turn on microphones and cams to surveil the room it is in. But it also seems to be very specifically targeted, even though the exact targets are not entirely clear. It's scary, nonetheless.


----------



## ekim68 (Jul 8, 2003)

More on this:

Failure to detect Flame marks 'the end of signature-based anti-virus'



> The failure to detect Flame means simplistic signature-based detection is obsolete.
> 
> According to a blog by Sergei Shevchenko, in order to spot malicious code an anti-virus product should emulate the malware to "unwind" the covert logic programmatically until the vicious chunks of it are revealed.
> 
> He said: "A large code often means more code to emulate or the usage of higher-level languages that are much harder to emulate or their emulation is simply not supported. Without an ability to follow the execution logic programmatically, an anti-virus product might not be able to detect a well-protected sample effectively."


----------



## DaveBurnett (Nov 11, 2002)

Er.... the reports I've read say they have got a detector and cleaner.


----------



## ekim68 (Jul 8, 2003)

More on this:

Flame authors order infected computers to remove all traces of the malware



> The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis, security researchers from Symantec said on Wednesday.


----------



## DaveBurnett (Nov 11, 2002)

I'm wondering whether the agency that distributed it in the first place have discovered that they have left traces of who they are and are frightened of international condemnation when they are found out.


----------

