Not so new but improved version of Stuxnet
Contributed by: Email on 05/29/2012 01:58 PM
Just who is behind the newly discovered malware referred to as Flame? Flame appears to be a new form of malware, similar to Stuxnet and Duqu: an advanced data-stealing tool used in targeted attacks against organizations in Iran, Syria and Palestine. Its sophistication has experts speculating that Flame was built by a Western intelligence agency or military.
The existence of Flame was revealed on Monday, but the tool apparently has been in existence for more than two years (or possibly five years) and has infected several hundred organizations in various countries in the Middle East. Flame has nearly two dozen separate components, many of which are designed specifically to steal various kinds of information from infected machines. The malware can record audio from the microphone, take screenshots of certain applications and then upload all of that data to a remote command-and-control server via an SSL-encrypted connection.
"Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it," Aleks Gostev, chief security expert at Kaspersky Lab, wrote in an analysis of Flame.
"The results of our technical analysis support the hypothesis that sKyWIper (what they have named Flame) was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities. sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found," they wrote in their analysis.
The discovery of Flame after two or five or eight years of use should remind us that the defenses most organizations have in place right now are of little use for detecting custom threats and tools.