Sophisticated Flame computer virus detected in UAE

A sophisticated cyber weapon has been discovered on computers in the UAE and Saudi Arabia, prompting security concerns for energy firms based in the Gulf and industrial plants. The virus, dubbed “Flame”, is capable of spying on various different computer files, notably those created by industrial engineers. Flame has largely targeted computer users in Iran in what some experts have suggested is a deliberate attack on the country’s nuclear programme. But a handful of computers in the Gulf region have also been infected by the virus, or “malware”, according to the Kaspersky Lab, the anti-virus firm based in Moscow that discovered Flame. “The malware is designed to act like a cyber-espionage kit,” said Stefan Tanase, senior security researcher at Kaspersky. “It’s a tool for spying on users’ actions.” Mr Tanase said the Flame virus had been detected on 11 computers in Saudi Arabia, two in both the UAE and Qatar, and one in Bahrain. While those numbers are small, the cases are significant because fewer than 500 computers worldwide are thought to have been infected with Flame. The largest rates of infection are in Iran, where the virus has been identified on 189 computers, and the Palestinian Territories, where Kaspersky has detected 98 cases, Mr Tanase said. Flame can spy on common computer files such as Word documents and those typically used by industrial engineers, said Mr Tanase. “The attackers can choose which files they want to download,” he said. Flame has a “very specific interest” in AutoCAD files, which can be used by engineers for industrial projects. Potential targets “could be anything from a power plant to a production facility ... to oil platforms”, Mr Tanase said. This could mean those controlling the Flame virus could be spying on classified files owned by Middle East energy companies. “If I was working in this industry I would be worried,” said Mr Tanase. The executive advised such users to scan for Flame infection using anti-virus software. However, he said regular consumers should not be alarmed by the virus because it does not specifically target them. Flame is the latest cyber attack on computer users based in the Middle East. Two previous viruses, known as Stuxnet and Duqu, are said by some observers to have specifically targeted Iran. A recent report in The New York Times suggested the United States and Israel were behind the development of the Stuxnet virus, which was designed to cripple Iran’s ability to develop nuclear weapons. Whoever created the Flame virus made efforts to conceal their identity, said Mr Tanase. “The attackers did a pretty good job of hiding their tracks.” Flame uses a different coding platform to Stuxnet and Duqu, suggesting it was created by a different team. But Mr Tanase said Flame could be “a parallel project” because all three viruses targeted this region. “Their aim is clearly the same – to do cyber-espionage and cyber-sabotage in the Middle Eastern region,” he said. Kaspersky has already helped shut down 80 of the computer servers controlling Flame, Mr Tanase said. But other variants of the Flame virus are still out there, he warned.