'Mini-Flame' Computer Virus Hits Middle East

Spying Software May Be Used for Surgical Cyber-Strikes

By Reuters

Published October 15, 2012.

The security company that has discovered some of the most sophisticated spying software unearthed to date says it found a related program, dubbed “miniFlame,” which can carry out more precise attacks on targets in the Middle East.

While the original Flame virus swept in data from perhaps 5,000 computers, largely in Iran and Sudan, the new miniFlame struck only about 50 “high-value” machines, according to Kaspersky Lab research published on Monday. Iran had previously blamed Flame for causing data loss on computers in the country’s main oil export terminal and Oil Ministry.

“Flame acts as a long sword for broad swipes while miniFlame acts as a scalpel for a focused surgical dissection,” Roel Schouwenberg, a senior researcher at Moscow-based Kaspersky Lab, told Reuters.

Kaspersky theorized that miniFlame was distributed mainly by Flame and another recently discovered spyware program, Gauss, which was most prevalent in Lebanon and may have been aimed at tracking financial transactions.

Not much is known about miniFlame’s victims, except that they were more geographically dispersed than those of Flame and Gauss. Infections were found in Lebanon and Iran most of all but also in the Palestinian Territories, Iran, Kuwait, and Qatar, according to Kaspersky.

Kaspersky and U.S. security software company Symantec Corp have said that some of the code in Flame also appeared in an early version of Stuxnet. Found in 2010 and aimed at Iran’s nuclear enrichment program, Stuxnet is sometimes described as the first true cyber-weapon. Cyber experts widely believe Stuxnet is an American project.

Kaspersky and Symantec said in a joint research paper last month that Flame’s control software remotely directed a number of smaller programs, and that the effects of only one of those programs were clear.

Symantec said at the time the overall project “fits the profile of military and intelligence operations,” in part because encryption kept some operatives in the dark about what data they were taking from infected machines.

The many technological innovations in Flame included its hijacking of Microsoft Corp’s Windows Update feature, which is critical for keeping the operating system current as new security problems come to light.

The new discovery concerns one of the smaller programs controlled by the Flame command software, referred to in the original code as SPE.

According to the Kaspersky analysis, it includes a “back door” allowing for remote control, data theft and the ability to take screen shots - or images of the computer screen - as the user engages with Microsoft Office, Adobe Systems Inc’s Reader, web browsers, and other applications.

“MiniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage,” Kaspersky Chief Security Expert Alexander Gostev said.

Symantec said on Friday it had no new information on Flame or the related programs.

Kaspersky said that miniFlame worked with Flame and Gauss but could also operate independently of both, taking orders from a separate network of command computers. It said the new discovery makes a stronger case for the connection among all the programs, though it has not accused any party of authorship.

Kaspersky said it found six versions of miniFlame, the most recent created in September 2011. Some of the protocols it used dated to 2007, making it a long-running effort.

MiniFlame responded to a series of commands given Anglo first names by the program authors. “Elvis” created a process on an infected machine and “Barbara” took a screen shot. “Tiffany” directed the computer to a new command server.

In a speech on Thursday, U.S. Secretary of Defense Leon Panetta warned that the country could act pre-emptively against imminent cyber attacks that would cause “significant physical damage” or kill U.S. citizens. He said the Pentagon was rewriting its rules for engagement in cyberspace.

Though it has been ramping up its capabilities, the Pentagon has said little in public about what it can do.

