Tehran, June 5: The attackers behind the recently discovered computer espionage virus Flame wanted to obtain confidential technical drawings from Iran, researchers have claimed.
Professor Alan Woodward, a computing specialist from the University of Surrey, claimed that the attackers ‘were looking for the designs of mechanical and electrical equipment.’
“This could be either to find out how far advanced some particular project was/is, or to steal some design(s) to sell on the black market,” the BBC quoted Woodward as saying.
“However, Iran isn’t likely to have any intellectual property not available elsewhere. So, this suggests more a case of intelligence-gathering than onward selling on the black market,” he added.
According to the report, it was also revealed that the attackers used a number of complex fake identities in order to carry out their plans.
The names, complete with fake addresses and billing information, were used to register over 80 domain names used to distribute the malware.
The identities had been registering the domains since 2008, which indicated that Flame had been collecting data for several years.
According to the report, Kaspersky Lab was able to compile statistics on the infection’s spread by using a method known as ‘sinkholing’.
“Sinkholing is a procedure when we discover a malicious server – whether it is an IP address or domain name – which we can take over with the help of the authorities or the [domain] registrar,” explained Vitaly Kamluk, a senior researcher at Kaspersky.
By using this method, they found that the majority of infected targets were located in Iran, with other high counts found in both Israel and Palestine.
The researchers claimed that the attackers had a ‘high interest in AutoCAD drawings, in addition to PDF and text files’. (ANI)