* UN agency official says most serious warning ever
* Says Flame could possibly attack critical infrastructure
* UN agency to issue confidential warning to governments
* Some industry observers skeptical about implied danger
* Trend Micro says IXESHE virus attacked Asian governments
By Jim Finkle
BOSTON, May 29 A United Nations agency charged
with helping member nations secure their national
infrastructures plans to issue a sharp warning about the risk of
the Flame computer virus that was recently discovered in Iran
and other parts of the Middle East.
"This is the most serious (cyber) warning we have ever put
out," said Marco Obiso, cyber security coordinator for the
U.N.'s Geneva-based International Telecommunications Union.
The confidential warning will tell member nations that the
Flame virus is a dangerous espionage tool that could potentially
be used to attack critical infrastructure, he told Reuters in an
interview on Tuesday.
"They should be on alert," he said, adding that he believed
Flame was likely built on behalf of a nation state.
The warning is the latest signal that a new era of cyber
warfare has begun following the 2010 Stuxnet virus attack that
targeted Iran's nuclear program. The United States explicitly
stated for the first time last year that it reserved the right
to retaliate with force against a cyber attack.
Evidence suggests that the Flame virus may have been built
on behalf of the same nation or nations that commissioned the
Stuxnet worm that attacked Iran's nuclear program in 2010,
according to Kaspersky Lab, the Russian cyber security software
maker that took credit for discovering the infections.
"I think it is a much more serious threat than Stuxnet,"
He said the ITU would set up a program to collect data,
including virus samples, to track Flame's spread around the
globe and observe any changes in its composition.
Kaspersky Lab said it found the Flame infection after the
ITU asked the Russian company to investigate recent reports from
Tehran that a mysterious virus was responsible for massive data
losses on some Iranian computer systems.
So far, the Kaspersky team has not turned up the original
data-wiping virus that they were seeking and the Iranian
government has not provided Kaspersky a sample of that software,
A Pentagon spokesman asked about Flame referred reporters to
the Department of Homeland Security.
DHS officials declined to respond to specific questions
about the virus, but an agency spokesman issued a brief written
statement that said: "DHS was notified of the malware and has
been working with our federal partners to determine and analyze
its potential impact on the U.S."
Some industry participants appeared skeptical that the
threat was as serious as the UN agency and Kaspersky had
Jeff Moss, a respected hacking expert who sits on the U.S.
government's Homeland Security Advisory Council, said that the
ITU and Kaspersky were "over-reacting" to the spread of Flame.
"It will take time to disassemble, but it is not the end of
the Net," said Moss, who serves as chief security officer of the
Internet Corporation for Assigned Names and Numbers, or ICANN,
which manages some of the Internet's key infrastructure.
"We seem to be getting to a point where every time new
malware is discovered it's branded 'the worst ever,'" said
Marcus Carey, a researcher at with cyber security firm Rapid7.
Organizations involved in cyber security keep some of their
communications confidential to keep adversaries from developing
strategies to combat their defenses and also to keep other
hackers from obtaining details about emerging threats that they
could use to build other pieces of malicious software.
Meanwhile on Tuesday Japanese security software maker Trend
Micro Inc said it had discovered a complex cyber
campaign to steal information using a piece of malicious
software dubbed IXESHE. It had infected government computers in
major East Asian countries along with Taiwanese electronics
manufacturers and German telecommunications firms operating
Trend Micro officials declined to identify the targets or
say who they suspect was behind IXESHE (pronounced "i-sushi").
IXESHE infected PCs with tainted PDF files sent to victims
via email, then stole large quantities of data from the PCs and
sent it to servers in countries including Taiwan, the United
States, South Korea, Brazil, Italy and Japan.
"The amount of data that the adversaries exfiltrated from
these systems is astounding. These systems have essentially been
colonized," Trend Micro Vice President Tom Kellermann said in an