After news raced across the world last week of the powerful and intrusive Flame virus, the unknown attackers behind the cyber threat have tried to wipe it from infected computers.
Purging the virus is believed to be a bid to prevent victims from finding out their data was stolen. The massive and complex virus is in the hands of computer experts who are analyzing the code, trying to figure out how to protect computers from the malware.
“They’re trying to cover their tracks in any way they can,” said Vikram Thakur, principal security response manager at Symantec, a computer security company. “What’s very interesting is that they were willing to take the risk of connecting to the servers, which could be watched.”
“They threw caution to the wind,” Thakur said.
Late last week, a command was sent out designed to strip Flame from machines linked to some of the remaining working servers, overwriting the disks with gibberish to erase all traces of the infection, Symantec found. It detected the cleanup with a “honeypot,” a computer infected with Flame that reaches out to controlling servers and waits for commands.
It’s unclear exactly how many computers were cleaned. The cleanup command was created a few weeks before news of the Flame virus hit the media. “They know they’re being watched,” Thakur said.
Experts say the powerful virus, first discovered by computer experts at the Kaspersky Lab headquartered in Moscow, is the most sophisticated malware ever seen. It sucks up information by stealing data, reading emails, capturing passwords and even recording sounds around the computer. The information is then funneled to a remote server -- a kind of dropbox for the pilfered data.
The virus struck computers across the Middle East and Europe and seems to have hit Iran hardest, fueling suspicions that Israel or the United States was behind it. The United Nations telecommunications chief told the BBC this week that “all indications” were the virus was crafted by a country, but he didn’t suspect the U.S.
-- Emily Alpert in Los Angeles
Photo: This undated screen grab released by the Kaspersky Lab shows a program from the computer virus known as Flame. Credit: Kaspersky Lab / Agence France-Presse/Getty Images