The Flame virus which is associated with a cyber warfare effort against Iran, developed in 2006, is considered to be linked to about three other malware programmes, according to a new analysis.
According to a report by Russian security firm Kaspersky Lab with US-based Symantec, the German computer emergency response team and the International Telecommunications Union found that the virus that attacked 1,000 systems in March could be one of four malwares created by the same developers.
All the participating security firms were allowed to access the command and control servers of Flame malware.
The report advises that the effort to create Flame has been proceeding longer than the initial expectations and has more elements, which include some that are not yet fully understood.
Kaspersky Lab chief security expert Alexander Gostev said it was problematic for the team to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers.
"Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep," Gostev said.
"Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale."
During the analysis, Command and Control (C&C) servers used by creators of Flame were analysed in detail.
According to the report, one of the Flame-related unknown malicious virus has been currently operating in the wild.
The analysis revealed that C&C servers were masked to be similar to a common Content Management System, to conceal the true nature of theproject from hosting providers or random study.
The firms also revealed that the servers were able to receive data from infected machines through four different protocols, with only one of them overhauling computers attacked with Flame.