The creators of the world’s most complicated espionage virus Flame have sent a ‘suicide’ command that removes it from some infected computers. U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace.
The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. According to Symantec, the ‘suicide’ command was “designed to completely remove Flame from the compromised computer,” the BBC reports.
Computers infected with Flame, including honeypots, have been routinely contacting its C&C servers to check for new commands. When the C&C servers still owned by Flame’s authors recently sent out a self-destruct code, Symantec detected the command immediately.
Flame was designed to suck information from computer networks and relay what it learned back to those controlling the virus. It can record keystrokes, capture screen images, and eavesdrop using microphones built into computers.
Bots have long contained such self-destruct mechanisms, so it’s not surprising that malware as complex and comprehensive as Flame would, too.