Reuters has uncovered facts that link the United States to three previously unknown pieces of malware that attacked systems in the Middle East. The report shows that the United States is using cyber warfare technology more widely than most people think to secure the country’s interests in the volatile Middle East. Stuxnet, which attacked the nuclear facilities of Iran, as well as the surveillance-capable Flame, were previously associated with the U.S.
Kaspersky Lab of Russia and Symantec Corp of the United States both revealed yesterday that they had found evidence that the authors of Flame may also have worked on three other viruses that are still at large.
Conducting their research separately, both firms arrived at the same conclusion but did not comment further on who is behind Flame. Former and current national security officials in the West have revealed to Reuters that the United States played a role in making Flame. The Washington Post previously reported that Israel was also privy to the operation.
Some current and former government officials from the U.S. have confirmed that the country developed Stuxnet. Both Symantec and Kaspersky linked Stuxnet to Flame because of similarities found in their code.
Reuters said that both firms knew little about the newly discovered viruses currently being deployed in the Middle East, and that they were not sure what the viruses' functions and objectives are.
Symantec and Kaspersky were able to trace the origins of the Trojans by analyzing their “command and control” servers. They discovered that the Flame malware was being controlled by software called “Newsforyou”, built by four software developers back in 2006.
Disguised as a common program that manages content on websites in order to hide its nefarious goal, Newsforyou was also designed to handle four types of malicious software: Flame, SP, SPE and IP. No other details were provided, but both security firms disclosed that they were not able to obtain any samples of the other three pieces of malware.
They believe that these three pieces of malware were meant for sabotage and espionage. They could not confirm whether they are variations of Flame or completely different programs.
So far, there are about a dozen infected computers in Iran and Lebanon.
The researchers found a large cache of data on one of the command and control servers but could not look deeper, as the data is encrypted with a password that is impossible to crack. The firms believe that the password was probably designed that way to deny access to the developers of Newsforyou, as the data may contain sensitive information.
Symantec noted: “This approach to uploading packages and downloading data fits the profile of military and/or intelligence operations.”