Flame Virus May Delete Files

By | Jun 25, 2012

The Flame virus, apparently created as a cyber-weapon for use against targets in the Middle East, may have capabilities that go beyond intelligence gathering. According to security firm Symantec, Flame may also be able to delete files from infected computers. These include critical files such as the operating system, meaning that a targeted computer could be totally disabled.

If confirmed, this dramatically escalates the potential threat posed by Flame. For the IT community at midsize firms, the real concern is not so much Flame itself as the technology it embodies. Spread of this technology could allow hackers to erase important information, and bring down systems at critical moments.

Beyond Reconnaissance?

When the Flame virus was first identified a few weeks ago, it appeared to be not a cyber-weapon in the narrow sense of damaging targets, but rather a reconnaissance device. Flame has apparently been spreading since 2010, primarily in the Middle East and especially Iran. Computer security analysts believe it is "state-sponsored," possibly by the United States and Israel.

But as Lance Whitney reports at CNET, analysts at Symantec now believe that Flame is capable of deleting information as well as stealing it. According to Symantec's Vikram Thakur, the virus can "delete everything on the computer," including the operating system.

And Flame's destructive capabilities may already have been put to use. A cyber-attack against Iranian computer systems in April may have been carried out by Flame. Cyber-war expert Boldizsar Bencsath of Hungary's Laboratory of Cryptography and System Security suggested at least a 20-percent chance that Flame launched the attack on Iranian systems.

Black Screen of Death

Wiping out files on a computer is not a new form of attack. From the early days of malware, one of the most serious threats has been reformatting hard drives to wipe out the data they hold and disable the computer.

What sets Flame apart is its sophistication. It spread widely throughout the Middle East, and perhaps elsewhere, as well. But it eluded detection by the security community for two years.

If in fact Flame is "state-sponsored," its designers had more resources than most hackers, even those associated with organized crime. But now that the capability to elude detection and delete files has been demonstrated, hackers can seek to reverse-engineer the technology with an eye to exploiting it themselves.

Cyber-criminals could use the threat of critical file erasure as a form of blackmail. And politically-motivated "hactivists" might delete critical business files in order to make a point.

For IT managers at midsize firms, Flame itself may not be a cause of concern unless their companies are deeply involved in the Middle East. But the possibility that other malware creators will devise similar capabilities could give the IT community some sleepless nights.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...