Flame surveillance worm 'most complex threat ever'

Powered by SC Magazine
 

Two-year rampage in Middle East.

A worm described as ‘the most sophisticated cyber weapon yet unleashed' has been detected attacking nations in the Middle East.

Iran's Computer Emergency Response Team (CCCERT) said yesterday the malware could be linked to "mass breaches" in the country and was related to infamous malware application Stuxnet and Duqu.

It had attacked predominantly Middle Eastern countries including  Iran, Israel and Syria.

Flame (Worm.Win32.Flame) had existed since 2010 and spread via removable  media according to the CERT and by exploiting a patched Microsoft printer hole -- the same tapped by Stuxnet.

It contained a backdoor and trojan and had worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so.

Kaspersky Labs researcher Alex Gostev said it was "one of the most complex threats ever discovered".

Once a system is infected, Flame would sniff network traffic, taking screenshots, recording audio conversations, intercepting the keyboard and other actions, which is passed on to the operators through the link to Flame's command and control (C&C) servers.

“Knowing that sooner or later Stuxnet and Duqu would be discovered, it would make sense to produce other similar projects ... we believe Flame to be a parallel project, created as a fallback in case some other project is discovered,” Gostev said.

Flame was 20 Mb in size, dwarfing Stuxnet by a factor of 20. 

It combined different libraries including some for compression (zlib, libbz2, ppmd), for database manipulation (sqlite3) and a LUA virtual machine -- the programming language of which many of its parts are written.

Gostev said the malware concealed itself within large amounts of code.

Flame could send recorded data to the C&C through a covert SSL channel, regularly take screenshots, and collect data on Bluetooth discoverable devices and turn the infected machine into a beacon.

- With Darren Pauli

Copyright © SC Magazine, UK edition


Flame surveillance worm 'most complex threat ever'
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 487

Vote