If you have read the previous article on my blog
Stuxnet - A cyber Nuclear Weapon, you will have some idea as to how future wars will take the shape of Computer viruses from Missiles and other warheads including nuclear bombs.
This Virus, known as Flame virus is actually a malware. To explain how FLAME works, i will have to explain you the basics of SCADA and how Motors are controlled in the industry.
Understanding SCADA:
SCADA stands for Supervisory Control and Data Acquisition, which means you can control each and every part of the industry; be that a Motor, Pump, Robot, Fan , Fire and Gas systems, Water controlling and/or other machinery with just a switch of a button from your PC.
|
SCADA |
All industries basically consist of motors, controllers and pumps e.t.c. For example in a packaging industry, there will be a conveyor belt to transport any item from one place to another, that conveyor belt will be run by motors, so these motors (may be 1000 of them) are not easy to be controlled individually. So scientist have developed a system to control and supervise the whole system via their PC. The PC gives them the detail of each and everything from what is the current speed of the motors to the health of each motor and tells the supervisor if any motor is malfunctioning or not. All of these operations are done by SCADA. SCADA is that piece of Software that is installed on the PC for the supervisors. Just like a spell checker of MS word. which instantly tells us if we write any misspelled word on the word document.
Understanding Flame/Stuxnet attack:
Now let's become an evil genius for a moment and brainstorm to find a way to make the above conveyor belt system crash. There are many possibilities. e.g. destroying the motors of the conveyor belts with hammer, or breaking the power supply cables of the motors which will inadequately makes the motor stop. But there is a catch in the above two scenarios. As explained earlier, each and every detail about the system is being monitored via SCADA, so as soon as the motor will be broken or the power supply cables will be disconnected, SCADA software will inform the supervisor who is monitoring the system over his PC. and he will immediately stop the system or ring the alarm for that event.
What else? Think about any other idea where you have to stop the motor and at the same time you do not want the supervisor to know that the damage has been done. What if such a virus/malware is created for that SCADA system which will give false report of the system even when the system is broken, e.g. telling the supervisor that every thing is working correctly even when the motor is completely destroyed. Good idea? isn't it?
That's what Stuxnet and Flame virus/malware is all about. It will trigger wrong alarm even when all the machinery is working fine or when there is a damage. and not only that it can even get all the information of the system which could be top secret for a country and sends it to the creators of the virus.
The same happened with Iranian's
nuclear facility as it collapsed due to Stuxnet/Flame. When the Iranian's came to know about it the damage was already done and they had to halt their nuclear enrichment facility.
|
Countries affected by flame virus(click to enlarge) |
Infected Areas:The infamous Flame virus can infect even secure PCs by tricking them into believing its malicious payload is actually an update from Microsoft. It can get all the information about the system,e.g. passwords, screenshots, record the sound and even access wireless communication of blue-tooth and Internet.
Flame was first detected by Kaspersky Lab, a Russian-based computer security firm, in May. Analysis by the Kaspersky’s analysts revealed that the virus might have been several years old. Experts believed that the complexity of the virus code indicates that it may have only been produced by a government or military.
Earlier, the New York Times reported that the US and Israel were behind Stuxnet, which caused physical damage to an Iranian nuclear facility, but Israel denied being involved with Flame earlier this month.
With the production of such virus being sponsored now by governments, no wonder this new kind of cyber nuclear battle has been started. Now the point is that we are waiting as to when we will hear an explosion similar to
Chernobyl.
Cyber security agencies are still trying hard to decode the virus, you can get the latest update about this virus by clicking here
|
Click to see how the virus become viral |
Removing the virus
To confirm if your computer is infected by this dangerous Flame virus, feel free to download BitDefender Flame Removal Tool here:
Latest Update(July 20, 2012)
as per the latest update, Israeli based security company Seculert and Russia’s Kaspersky Lab, said on Tuesday that they identified more than 800 victims of the operation. The targets include critical infrastructure companies, engineering students, financial services firms and government embassies located in five Middle Eastern countries, with the majority of the infections in Iran.
The Mahdi Trojan lets remote attackers steal files from infected PCs and monitor emails and instant messages, Seculert and Kaspersky said. It can also record audio, log keystrokes and take screen shots of activity on those computers..