Flame surveillance worm 'most complex threat ever'

Powered by SC Magazine
 

Two-year rampage in Middle East.

A worm described as ‘the most sophisticated cyber weapon yet unleashed' has been detected attacking nations in the Middle East.

Iran's Computer Emergency Response Team (CCCERT) said yesterday the malware could be linked to "mass breaches" in the country and was related to infamous malware application Stuxnet and Duqu.

It had attacked predominantly Middle Eastern countries including  Iran, Israel and Syria.

Flame (Worm.Win32.Flame) had existed since 2010 and spread via removable  media according to the CERT and by exploiting a patched Microsoft printer hole -- the same tapped by Stuxnet.

It contained a backdoor and trojan and had worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so.

Kaspersky Labs researcher Alex Gostev said it was "one of the most complex threats ever discovered".

Once a system is infected, Flame would sniff network traffic, taking screenshots, recording audio conversations, intercepting the keyboard and other actions, which is passed on to the operators through the link to Flame's command and control (C&C) servers.

“Knowing that sooner or later Stuxnet and Duqu would be discovered, it would make sense to produce other similar projects ... we believe Flame to be a parallel project, created as a fallback in case some other project is discovered,” Gostev said.

Flame was 20 Mb in size, dwarfing Stuxnet by a factor of 20. 

It combined different libraries including some for compression (zlib, libbz2, ppmd), for database manipulation (sqlite3) and a LUA virtual machine -- the programming language of which many of its parts are written.

Gostev said the malware concealed itself within large amounts of code.

Flame could send recorded data to the C&C through a covert SSL channel, regularly take screenshots, and collect data on Bluetooth discoverable devices and turn the infected machine into a beacon.

- With Darren Pauli

Copyright © SC Magazine, UK edition


Flame surveillance worm 'most complex threat ever'
 
 
 
Top Stories
Windows 10 lands in Australia
Campaign to get business to upgrade kicks off.
 
NSW to build its own myGov
Service NSW digital profiles available by September.
 
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  14%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  18%
TOTAL VOTES: 752

Vote