Flame can sabotage computers by deleting files, says Symantec

The virus can not only steal data but disrupt computers by removing critical files, says a Symantec researcher.

Lance Whitney
Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
2 min read

The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.

Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.

But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.

Such power means that the virus can disrupt critical software and "completely disable operating systems," Reuters reported based on Thakur's findings.

"These guys have the capability to delete everything on the computer," Thakur said, according to Reuters. "This is not something that is theoretical. It is absolutely there."

If true, Flame can be used as a weapon against nations to attack vital infrastructure systems, such as dams, chemical plants, and manufacturing facilities, Reuters added. And it could have been used as a weapon against Iran this past April.

Boldizsar Bencsath, an expert on cyber warfare with Hungary's Laboratory of Cryptography and System Security, told Reuters that there was at least a 20 percent chance that Flame was behind the attack against Iran.

Reportedly discovered by Kaspersky Labs, Flame targeted Iran and countries in the Middle East by infecting a host of computers across the region. CEO Eugene Kaspersky compared the new malware to its Stuxnet predecessor and said it seemed to be state-sponsored.

Some reports have named United States and Israel as the sources behind Flame.

In response, the U.S. has remained mum. Israel has denied any involvement despite comments by prime minister Moshe Ya'alon that countries concerned about Iran's nuclear program might use such cyberattacks "to harm the Iranian nuclear project."

Around since 2010, Flame only recently came into the limelight following the Middle East cyberattack.

Some security experts had minimized the danger posed by the virus. But Kaspersky believes Flame poses a larger threat than Stuxnet, which infected an Iranian nuclear plant in 2010.

The United Nations' International Telecommunications Union has also warned that Flame could be used as a "dangerous espionage tool that could potentially be used to attack critical infrastructure."

And the latest findings from Symantec are arousing concerns among more experts.

Neil Fisher, vice president for global security solutions at Unisys, told Reuters that the new findings, if verified, point to Flame as "highly dangerous." Sean McGurk, a former Department of Homeland Security official, echoed similar fears, saying that Flame "could render computing devices useless."

CNET contacted Symantec for comment and will update the story when we get more information.