“Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyber war and cyber espionage,” said Kaspersky Lab expert Alexander Gostev.

The escalating digital espionage battle is said to have reached a new milestone due to the discovery of a complex targeted cyber attack known as Flame. What exactly is Flame? It is a sophisticated attack toolkit which is designed to carry out cyber espionage. It is capable of accessing a computer and stealing display contents, files, data and saved audio conversations. Its complexity and functionality exceed those of all other known cyber weapons.

Flame, a backdoor Windows trojan, doesn’t just sniff and steal nearby network traffic info — it uses your computer’s hardware against you. Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on.
The recording of audio data from the internal microphone is rather new. Though other malware that records audio exists, the key here is Flame’s completeness – the ability to steal data in so many different ways.
Another curious feature of Flame is its use of Bluetooth devices. When Bluetooth is available and the corresponding option is turned on in the configuration block, it collects information about discoverable devices near the infected machine. Depending on the configuration, it can also turn the infected machine into a beacon, making it discoverable via Bluetooth and providing general information about the malware status encoded in the device information.
The malware has the ability to regularly take screenshots; what’s more, it takes screenshots when certain “interesting” applications are run, for instance, IMs. Screenshots are stored in compressed format and are regularly sent to the C&C server – just like the audio recordings.

Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. The geography of the targets and the complexity of the threat leave no doubt that a nation state sponsored the research that went into it.
The targets of this threat range from individuals to certain state-related organizations or educational institutions. Mainly Middle East countries including Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt are affected by the attack. According to the Iranian National Computer Emergency Response Team (CERT), Flame was likely responsible for recent incidents of “mass data loss” in the government. Experts said the massive malicious software was 20 times more powerful than other known cyber warfare programmes including the Stuxnet virus and could only have been created by a state. It is the third cyber attack weapon targeting systems in the Middle East to be exposed in recent years.
Flame is the largest cyber weapon discovered to date – and it was designed in a way that made it nearly impossible to track down. Whereas conventional malware is built to be small and hidden, Flame’s sheer size allowed it to remain undiscovered.
How can you protect yourself from the malware?
The latest versions of Kaspersky Lab’s business and consumer anti-malware products detect and cure all known variants of Flame, categorized as Worm.Win32.Flame.
Media reports about Flame
More on:
http://www.kaspersky.com/flame
http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers