Iran claims it has fix for Flame malware

Posted by Emma Woollacott

The Iranian government says it has a removal tool for the Flame malware targeting the country's oil industry, and says it will give it to any Iranian organization that's been affected.

The malware was discovered only this week by Kaspersky Lab, although security researchers say it's been in operation for at least two years. It's believed to be the biggest piece of malware ever discovered.

"At the time of writing, none of the 43 tested antiviruses could detect any of the malicious components," says Iran's National Computer Emergency Response Team.

"Nevertheless, a detector was created by the Maher center and delivered to selected organizations and companies in the first days of May. And now a removal tool is ready to be delivered."

If the claim is true, the implication is that Iran's known about Flame rather longer than anybody else. It's suggested that Israel is behind the attack - and comments from Israel's vice prime minister and minister for strategic affairs appear to support this theory.

"The fact that Flame evaded detection for so long, and by so many different antivirus tools, is deplorable, and proves that the speed at which malicious malware is developed is just steamrolling those organisations trying to keep up," says James Todd, technical lead for Europe at security company FireEye.
 
"The next big trend in IT security was always going to be cyber-espionage, given the potentially huge rewards for the taking. This is particularly true if hackers can infiltrate information relating to policy, patents, intellectual property and R&D plans."

The danger is largely over, as all the major antivirus vendors can now detect Flame and protect against it.

"Whoever was behind it will likely be feeling pretty grumpy, or working hard on a new version which they hope will be able to skirt past defences," says Graham Cluley of Sophos.