Flame virus forced to commit suicide
The Flame virus is believed to have already infected at least 600 computer systems across Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and Palestine, but the infection is expected to be wiped from those machines now that its developers have sent out a “suicide” command that removes the malware.
Researchers at the Symantec security company say that the suicide code was “designed to completely remove Flame from the compromised computer,” but in doing so it does more than just eliminate the infection. The company adds that the command that kills off Flame removes so much of the virus’ information that researchers will be unable to study the outbreak.
“The module contains a long list of files and folders that are used by Flamer,” writes a blogger for Symantec. “It locates every file on disk, removes it, and subsequently overwrites the disk with random characters to prevent anyone from obtaining information about the infection. This component contains a routine to generate random characters to use in the overwriting operation. It tries to leave no traces of the infection behind.”
Although no developer, agency or nation has yet been formally linked to the Flame virus, scientists at Kaspersky Labs reported earlier this week that they had found common links between the code that caused the latest outbreak and some building blocks used in the now infamous Stuxnet worm that targeted Iran’s nuclear facilities.
"It turns out we were wrong," Kaspersky’s Alexander Gostev says. "Wrong, in that we believed Flame and Stuxnet were two unrelated projects."
Alan Woodward, a cybersecurity researcher at the University of Surrey in southern England, told reporters that the research out of Kaspersky "does suggest that very early on there was some sharing" between authors of both Stuxnet and Flame.
The discovery of Flame coincided almost directly with the recent revelation that, after years of refusing to admit a role, the United States was instrumental in the development of Stuxnet. A New York Times article published earlier this month quoted sources close to the administration of current US President Barack Obama who claim that the commander-in-chief authorized the continuation of a cyberwar program aimed at Iran that had been initiated during the presidency of George W. Bush. Leaders in Washington have since called for a probe to attempt to identify who leaked the intel to the Times. Given the ties between the two malicious programs, the killing off of Flame could very well be an attempt by the government to give researchers less time to find further connections between the viruses.