Flame Virus "Told to Vanish", Say Experts
VJ: U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace.
AFP reported that anti-virus company Symantec said in a blog post that late last week that some Flame "command-and-control servers sent an updated command to several compromised computers."
"This command was designed to completely remove (Flame) from the compromised computers,"cyber hacking said the statement.
The discovery of the Flame virus immediately sparked speculation that it had been created by U.S. and Israeli security services to steal information about Iran's controversial nuclear program.
Kaspersky Lab, one of the world's biggest producers of anti-virus software, said the Flame virus was "about 20 times larger than Stuxnet," the worm which was discovered in June 2010 and used against the Iranian nuclear program.
Kaspersky called the virus a "cyber-espionage worm" designed to collect and delete sensitive information, primarily in Middle Eastern countries. Experts said it was aimed at stealing Iranian-Russian blueprints, presumably of nuclear facilities.
Iran later admitted that its oil industry was briefly affected by Flame, but claimed that Iranian experts had detected and defeated the virus.
Computers infected with malware are typically programmed to reach out on the Internet to get updated orders from command servers controlled by hackers.
In this case, AFP reported, it appeared that Flame masters gave an order for the malware to vanish, leaving behind no trail that investigators might be able to follow or clues to its origin.
The self-destruct command was evidently sent after Flame was exposed and investigations commenced.
Infected computers that got the command went on to delete an array of files and then cram disks with random characters to thwart recovery of original code, according to security researchers cited by AFP. It was unknown how many infected computers received the self-destruct command.