Iran is once again in the crosshairs of an international cyberattack. On May 28, almost two years after a sophisticated virus known as Stuxnet wrecked some of the country’s uranium enrichment equipment, Tehran asked international security researchers for help fighting off an infection targeting computers in the energy sector. Experts have just begun to analyze the oversized virus’s 650,000 lines of code. McAfee’s Dave Marcus notes that big pieces of malware are often called “100-meter dashes”—the length of the code if printed out. “This one is 1.5 miles in printed paper,” he says.
One thing that’s already apparent is that the virus, known as Flame, is hungry for information. It can orchestrate a number of furtive actions that usually don’t all appear in a single virus. Flame can monitor keystrokes, steal passwords, turn on victims’ microphones to record conversations, and take screenshots of Internet sessions. It’s able to send the captured information to so-called command-and-control servers around the world and receive software updates from them. It’s essentially a permanent desktop spy.