The Russian malware hunter whose firm discovered the Flame virus said Wednesday there could be plenty more malicious code out there, and warned he feared a disastrous cyber attack could be coming.
“It’s quite logical that there are new cyber weapons designed, and maybe already computers infected that we don’t know about,” Eugene Kaspersky, founder of Kaspersky Lab, said on the fringes of a Tel Aviv University cyber security conference.
Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said its experts discovered Flame during an investigation prompted by the International Telecommunication Union.
Iran appears to have been the main target of the attack which was discovered just a month after the Islamic republic said it halted the spread of a data-deleting virus targeting computer servers in its oil sector.
The Moscow-based firm said the virus was “about 20 times larger than Stuxnet,” the worm which was discovered in June 2010 and used against Iran’s nuclear facilities, with Israel widely suspected of involvement.
Observers have speculated Israel may also have been involved in Flame, but Kaspersky declined to speculate, saying its development was not necessarily limited to the most technologically advanced countries.
“Flame is extremely complicated but I think that many countries can do the same or similar — even the countries which don’t have expertise at the moment,” he said.
But other analysts have described the virus as “clumsy,” saying it was unsophisticated and did not resemble the work of a country with highly advanced technological capacities.
Kaspersky put the development costs of Flame at “less than $100 million” (80 million euros) but said the potential damage caused by such programmes was likely to be enormous.
“Cyber weapons can replicate, and there could be random victims anywhere around the globe, it doesn’t matter how far you are from the conflict,” he said.
“It’s not cyberwar, it’s cyberterrorism and I’m afraid it’s just the beginning of the game.”
He recalled Stuxnet and a 1970 denial of service — or DOS — attack that paralysed Estonia’s information technology systems, and said the next wave could be far more devastating.
“I’m afraid that it will be the end of the world as we know it,” he said. “I’m afraid that very soon the world will be very different.”
