The new discovery concerns one of the smaller programs controlled by the Flame command software, referred to in the original code as SPE.
According to the Kaspersky analysis, it includes a “back door” allowing for remote control, data theft and the ability to take screen shots -- or images of the computer screen -- as the user engages with Microsoft Office, Adobe Systems Inc’s Reader, web browsers, and other applications.
“MiniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage,” Kaspersky Chief Security Expert Alexander Gostev said.
Symantec said on Friday it had no new information on Flame or the related programs.
Kaspersky said that miniFlame worked with Flame and Gauss but could also operate independently of both, taking orders from a separate network of command computers. It said the new discovery makes a stronger case for the connection among all the programs, though it has not accused any party of authorship.
Kaspersky said it found six versions of miniFlame, the most recent created in September 2011. Some of the protocols it used dated to 2007, making it a long-running effort.
MiniFlame responded to a series of commands given Anglo first names by the program authors. “Elvis” created a process on an infected machine and “Barbara” took a screen shot. “Tiffany” directed the computer to a new command server.
In a speech on Thursday, U.S. Secretary of Defense Leon Panetta warned that the country could act pre-emptively against imminent cyber attacks that would cause “significant physical damage” or kill U.S. citizens. He said the Pentagon was rewriting its rules for engagement in cyberspace.
Though it has been ramping up its capabilities, the Pentagon has said little in public about what it can do.