That sounds pretty invasive. How, technically, does it work?
This very thorough explanation from Kaspersky Lab, albeit a little technical, does a wonderful job describing how the virus does its thing. As Kaspersky explains it, the virus is a 20 megabyte "sophisticated toolkit," even more complex than previous viruses that have attacked Iranian computer systems. This one shows characteristics of being a "backdoor," a "Trojan," and "worm-like," all at the same time. The backdoor, as Wired's Kim Zetter explains, allows the creators to go in and tweak the virus, adding new functionalities. A worm means the virus can travel between computers without a human doing anything, we learn from Webopedia. And a Trojan makes it look like harmless software when first installed. Once installed, here's how it works, according to Kaspersky Lab:
Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.
Interesting. You mentioned previous viruses. I think I've heard of these. You mean Stuxnet and Duqu, right? How is this different?
This virus is definitely related to those two, which infected Iranian nuclear computer systems in 2010 and 2011. At least the Iranian government thinks so. "It seems there is a close relation to the Stuxnet and Duqu targeted attacks," read the official statement. But this one is being talked up as bigger and scarier. "Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide," said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement. "The Flame malware looks to be another phase in this war, and it's important to understand that such cyber weapons can easily be used against any country." Hacking expert Jeff Moss, however, told Reuters that everyone is overreacting. "It will take time to disassemble, but it is not the end of the Net," he said. "We seem to be getting to a point where every time new malware is discovered it's branded 'the worst ever,'" added Marcus Carey, a researcher with cyber security firm Rapid7.
So, if these are related to Stuxnet and Duqu are they from the same source, then?
Kind of, but not exactly. Neither Zetter nor Kaspersky Lab believes the virus has the same authors. "It was obvious DuQu was from the same source as Stuxnet. But no matter how much we looked for similarities [in Flame], there are zero similarities," Alexander Gostev, chief security expert at Kaspersky Lab, told Zetter. "Everything is completely different, with the exception of two specific things." Still, Kaspersky Lab's write-up says "the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."