In May of 2012 a team of computer scientists working for the University of Budapest in Hungary discovered a malicious software program on computers in their home country. They code named the program “Skywiper” and began monitoring its activity. After further analysis they quickly realized they may have encountered “the most complex malware ever found.”
The team in Hungary instantly began reviewing the code for clues of its origin. They found a file name with a date marked December 5 2007 with geographical tag marked Europe, which could mean that the program is at least 5 years old. Other dates included United Arab Emirates on April 28, 2008 and Islamic Republic of Iran on March 1 2010.
The program has a self-kill logic that allows itself to turn off automatically to avoid detection by network administrators. It also uses 5 separate encryption algorithms and has an embedded SQLlite database to store information.
Source: http://www.crysys.hu/skywiper/skywiper.pdf
A few weeks later the Iranian based Computer Emergency Response Team Coordination Center filed a report on their website identifying an identical malware program on computer systems in Iran.
They found the program sniffing network traffic, securely transferring data to control servers, bypassing antivirus software, doing screen shots, and recording audio from built in microphones on desktop computers.
http://www.certcc.ir/index.php?name=news&file=article&sid=1894
