Flame surveillance worm 'most complex threat ever'

Powered by SC Magazine
 

Two-year rampage in Middle East.

A worm described as ‘the most sophisticated cyber weapon yet unleashed' has been detected attacking nations in the Middle East.

Iran's Computer Emergency Response Team (CCCERT) said yesterday the malware could be linked to "mass breaches" in the country and was related to infamous malware application Stuxnet and Duqu.

It had attacked predominantly Middle Eastern countries including  Iran, Israel and Syria.

Flame (Worm.Win32.Flame) had existed since 2010 and spread via removable  media according to the CERT and by exploiting a patched Microsoft printer hole -- the same tapped by Stuxnet.

It contained a backdoor and trojan and had worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so.

Kaspersky Labs researcher Alex Gostev said it was "one of the most complex threats ever discovered".

Once a system is infected, Flame would sniff network traffic, taking screenshots, recording audio conversations, intercepting the keyboard and other actions, which is passed on to the operators through the link to Flame's command and control (C&C) servers.

“Knowing that sooner or later Stuxnet and Duqu would be discovered, it would make sense to produce other similar projects ... we believe Flame to be a parallel project, created as a fallback in case some other project is discovered,” Gostev said.

Flame was 20 Mb in size, dwarfing Stuxnet by a factor of 20. 

It combined different libraries including some for compression (zlib, libbz2, ppmd), for database manipulation (sqlite3) and a LUA virtual machine -- the programming language of which many of its parts are written.

Gostev said the malware concealed itself within large amounts of code.

Flame could send recorded data to the C&C through a covert SSL channel, regularly take screenshots, and collect data on Bluetooth discoverable devices and turn the infected machine into a beacon.

- With Darren Pauli

Copyright © SC Magazine, UK edition


Flame surveillance worm 'most complex threat ever'
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 756

Vote