Iran’s government claims to have developed an anti-virus program that can detect and remove the Flame malware, promising to release the tool to any Iranian company or organization who requests it. Identified recently, though believed to have been in the wild and syphoning data from computers across the middle east since early 2010, Flame is suspected to be the cyber-espionage tool of a foreign government. Although the full complexity of the malware is yet to be explored, security researchers already believe it is significantly more complex than other recent infections such as Stuxnet.
“Tools to recognise and clean this malware have been developed” the Iranian Ministry of Information and Communication Technology said in a statement, “and, as of today, they will be available for those [Iranian] organisations and companies who want it.”
No more specific details of the nature of the tool have been released, and it’s unclear how long Iran has been working on a fix. It also remains to be seen whether the tools are legitimate or not: the Iranian government could grandstanding so as to maintain a sense of security, both on the international stage and for businesses and organizations in the country.
While Flame’s exact infection pattern is still a mystery, it is believed to target computers both by direct access from a compromised USB device or similar, and via phishing emails and sites. Once in place, the malware can perform a wide range of monitoring activities, ranging from keylogging and sharing screenshots with a remote server, to activating the computer’s integrated microphone and secretly recording what’s going on in the surrounding area.
However, there’s also the ability for Flame to link up with nearby Bluetooth devices, and even download new functionality packages as remote operators further compromise infected systems. No security company has yet put a timescale on a fix for the infection.