Kaspersky: Flame and Similar Malware Pose Worldwide Risk

The CEO of his namesake antivirus company says countries need to come together to stop the spreading threat of "cyber-terrorism."

The CEO of Kaspersky Lab, which discovered the Flame malware that reportedly targeted Iran and hit other Middle East countries, is speaking out against what he sees as a growing €œcyber-terrorism€ trend, and urged countries worldwide to work to prevent it.

Eugene Kaspersky over the past couple of weeks has been vocal in his warnings against governments developing malware targeted at foes and releasing it onto the Internet. Too many countries are seeing what can be done against their enemies by putting sophisticated malware into the wild, and it could come back to harm them.

"Flame is extremely complicated, but I think many countries can do the same or very similar, even countries that don't have enough of the expertise at the moment,€ Kaspersky said June 6 during a cyber-security conference in Tel Aviv, according to Reuters. €œThey can employ engineers or kidnap them, or employ 'hacktivists.€™ These ideas are spreading too fast. That cyber-boomerang may get back to you."

Researchers at Kaspersky€™s antivirus company first released their analysis of Flame May 28, saying it was the most sophisticated malware that€™s been found and that details of the virus indicated it was related to the Stuxnet worm that was used in 2010 to damage Iran€™s Natanz nuclear facilities.

It€™s widely believed that the United States, Israel or both worked on the Stuxnet malware with the aim of crippling Iran€™s nuclear program. The two countries claim Iran is building up its nuclear capabilities in hopes of developing weapons; Iran officials have said the program is aimed at peaceful civilian purposes.

Researchers from Kaspersky and elsewhere are continuing to learn more about Flame, which is a massive piece of sophisticated malware that apparently was targeted specifically at computers used in Iran and other countries in the Middle East and North Africa. It essentially is not intended to damage the computers it infects, but instead to steal information from them. Many security experts agree with Kaspersky about the long-range threat the malware poses. However, others have said they see the threat as overblown and limited.

During his talk in Israel, Kaspersky reportedly listed the United States, Israel, England, China and Russia€”and possibly India, Japan and Romania€”as countries with the capabilities to develop malware such as Flame. However, he didn€™t accuse any particular country as being the one that unleashed Flame.

Still, in Israel and elsewhere, Kaspersky argued that getting into such cyber-attacks was dangerous, and urged countries to come together to fight against that type of warfare, similar to what has been in the past in such areas as biological and nuclear warfare.

"It's not cyber-war; it's cyber-terrorism and I'm afraid it's just the beginning of the game,€ he said in Israel. €œI'm afraid it will be the end of the world as we know it. €¦ I'm scared, believe me."

Kaspersky also warned that while researchers may now know about Flame and Stuxnet, other undiscovered cyber-weapons are out there infecting computers.

At a CeBit conference in Australia in May, Kaspersky sounded a similar alarm, saying that €œcyber-weapons are the most dangerous innovation of this century,€ according to The New York Times.

Such malware used by countries like the United States and Israel to slow Iran€™s nuclear program could also be used by others to attack everything from power grids to financial systems anywhere in the world, he said. Kaspersky€™s worry is that the use of such malware will continue to grow as more countries and other groups find it €œthousands times cheaper€ to create such cyber-weapons compared with conventional ones.

Without some sort of international agreement to stem the use of such online weapons, the numbers of state-sponsored malware€”and the threat to all countries raised by it€”will continue to grow, he said.