What damage could the Flame virus cause?

A new malware threat is spreading like fire across the Middle East. What problems might the cyber weapon Flame cause, where did its name come from, and how similar is it to the virus Stuxnet?

Kai Ryssdal: You know how the IT people at work are always giving you a hard time about network security? About passwords and not using files you're not sure of? Yeah, listen to 'em. We learned today of a brand new virus that could conceivably do very bad things. It's called Flame. It's been found so far mostly in the Middle East. And it's bringing back memories of a virus from a couple of years ago called Stuxnet that got cyber warfare experts very nervous. Liam O Murchu is an analyst at Symantec. He does viruses like these for a living. Welcome to the program.

Liam O Murchu: Good to be here, thank you very much.

Ryssdal: What is this thing, Flame?

O Murchu: Flame is an information-stealing threat that we have recently discovered and it's interesting because it has been found in Middle Eastern countries exclusively. We haven't found it anywhere except in the Middle East. It's capable of stealing all sorts of information -- keystrokes, it's able to take screenshots of your computer, it's able to listen in on your microphone and it's able to discover Bluetooth devices that are nearby.

Ryssdal: You mention that it's an intelligence-gathering tool. Could it do physical damage? Could it get into an electrical grid? Could it get into some kind of corporate network?

O Murchu: Well the way that Flame is written is that it's very modular, so the attackers can add in new modules at any time and they could update it very easily. So the attackers could choose to do that in the future, but from what we see right now, it's exclusively being used for information stealing and to spread to other computers. So it's able to infect other computers on your network and is able to spread to them and it's able to collect the information from all of those computers.

Ryssdal: Is it like Stuxnet in that it's designed to do physical damage to equipment, famously the centrifuges over in Iran?

O Murchu: No, so Flame is not able to change how physical machinery works in the way that Stuxnet did. It is strictly for stealing information and the reason that it's similar to Stuxnet is that it appears to be a politically-motivated threat, a cover threat, that is operated in Middle Eastern countries, which is very similar to where Stuxnet operated. But the threats themselves are different. They have different capabilities, and they're written by different people.

Ryssdal: There's probably a short list of countries that would get behind this. Care to hazard any guesses?

O Murchu: Well we don't know actually, but it's interesting to see that we found this threat -- or at least the threat has been reported -- in Iran, Lebanon, and Palestinian West Bank. So that does narrow down who is likely to be behind it.

Ryssdal: Do I have to worry about this thing on my laptop at home?

O Murchu: Probably not so much, particularly now because seeing as how this is a very targeted attack -- unless you are living in the Middle East and are engaged in something that the attackers are interested in, you probably don't need to worry about this threat.

Ryssdal: Is the building and deploying of one of these things a billion-dollar proposition? A million-dollar proposition? How expensive is it?

O Murchu: It's expensive, but you're not talking billions of dollars. No. Millions maybe would be more accurate. In this particular threat, it looks like it was written by people who normally write legitimate software. So this threat, for example, it carries a database inside it and it interacts with the database for storing information and for accumulating information. Whereas normally with malware, we see them just using plain files, plain text files, things like that.

Ryssdal: Last question for you, Mr. O Murchu. Who gets to decide that this thing is called Flame?

O Murchu: Well normally the researchers decide that and in this particular case, researchers looked at the code inside the threat and the word "flame" is used extensively within the threat. So the researchers picked that out and decided to call it Flame. We normally try to call it something that we can uniquely identify in files. If we see a new version, we would see that name and we would know oh yes, this is Flame again.

Ryssdal: Liam O Murchu, he's an analyst at Symantec, the virus people. Thanks very much for your time.

O Murchu: Thank you.

About the author

Kai Ryssdal is the host and senior editor of Marketplace, public radio’s program on business and the economy.
4 Comments

Mr. Breezy blows an easy one. He didn't ask ONE question that people might want to know.. such as WHAT PLATFORMS DOES THIS AFFECT? such as HOW IS THIS VIRUS SPREAD? such as WHAT CAN I DO TO NOT GET IT? such as IT CLEARLY AFFECTS COMPUTERS WITH THE ARABIC OR FARSI LANGUAGES, CAN IT SPREAD TO ENGLISH SYSTEMS AS WELL? and such as TELL ME, MR. SYMANTEC, WHAT IS SYMANTEC DOING TO SLOW THE SPREAD OF THIS INFECTION? Isn't there ANYONE on staff with the slightest tech clue? Why arrange an interview if you DON'T KNOW WHAT TO ASK?

Not quite sure why Marketplace would use a Symantec spokesperson for this piece when Kaspersky was the lab that discovered the Flame malware (and Symantec is a competitor to Kaspersky). Even more surprised (well, not really) that Symantec would imply that they discovered Flame. Poor form on both your parts.

In the next World War it will be like fighting against a phantom where the invisible enemy is also one marked feature of every human being,
personified in our days like never before in history by few people dictating their will from the top of one virtual Pyramid.

The War manipulated by the Zionists will be geographically split on two fronts:
Russia, China and Arab States on one side
Israel, USA and England on the other.
Russia will be the last target while the confrontation with China will follow the War in the Middle East.

The Zionists Freemasons have already planned this War behind the back of all people which will be forced to fight for their own Countries in their obligation as citizens.

Through one strategy of Terror and Deception the Zionists will continue to monitor and separate all people to face many weak and divided oppositions rather than one strong and united.

They will need chaos and despair to impose their New World Order.

No weapons or protests could counter their Plan relying on such Force and Deception.

In this “carousel” orchestrated by the CIA on behalf of the Zionists, the greatest danger to Humankind is not the CIA or the Zionists but the lack of one evolutionary change needed for us to step away from that same Direction marked in all history and to become one race distinguished from the Animal kingdom.

There is only one solution.


Only four countries had the technical know-how to develop the Flame virus: "Israel, the U.S., China and Russia."
Since the virus was obviously intended for Iran, we can eliminate its friends China and Russia.
This leaves only Israel and us.
Having thoroughly demonized Iran, anything we do to it has become fair game.
But there is nothing fair or right about taking another country's data. Certainly we would not want China or Russia taking our data and spreading it to 80 separate servers.
As a leader of the world community aspiring for governance through universal fairness, we can no longer afford to follow the beaten path of expediency chosen by Israel. Doing so will not only deprive us of our moral authority, but will also squander our unique opportunity to fashion a more just and fair world.
