29 May 2012

Flame Malware Burns Information Systems Across MENA

From Iran to Sudan, computer systems across MENA (Middle East North Africa) are being infected by Flame, a huge and powerful type of spyware, of unknown origin. Flame seeks out hidden information inside targeted systems, and transmits it to command and control centres outside the countries targeted.

Russia's Kaspersky Lab discovered the sophisticated virus while following a request by the United Nations to look into reports that Iranian Oil Ministry and Oil Company computers may have been infected by a new, unknown virus.
A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.

The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.

...Early analysis of Flame by the Lab indicates that it's designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.

The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption -- some strong, some weak -- and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language -- an uncommon choice for malware.

...Gostev says that because of its size and complexity, complete analysis of the code may take years.

"It took us half-a-year to analyse Stuxnet," he said. "This is 20-times more complicated. It will take us 10 years to fully understand everything." _Wired.co.uk
Read the full article linked above for more information.

While the author of the article speculates that "Flame" may have been written by the same authors as Stuxnet and Duqu, Al Fin analysts suspect that the three viruses were each written by distinct groups of malware creators.

It is likely that Stuxnet was a joint project of US and Israeli spy agencies. Duqu is more likely to be the product of Chinese malware labs. Flame is probably either a Russian or a Chinese project.

Expect such spyware to increase in sophistication over time, as the war of the codes intensifies.

And just wait until nano-ware -- entire mobile computer and telecom systems which can be transported and placed virtually anywhere in a covert manner -- becomes more prominent. Interesting times.


Bookmark and Share


Blogger neil craig said...

If a presumably small number of Israeli (as opposed to palestinian) sites hadn't been targeted the automatic assumption would be Israel + CIA. However since it, so far, has only collected information rather then destroying things, there would be little downside to Israel targeting a few Israelis to provide cover.

Wednesday, 30 May, 2012  
Blogger al fin said...

The more I look at it, the more likely it seems to be a Russian effort. But I am not ruling out China.

If we see more of what might be considered blatant foot-dragging by Kaspersky Lab could be considered a sign that Kaspersky itself might know more about its origins than has been revealed.

Wednesday, 30 May, 2012  

Post a Comment

“During times of universal deceit, telling the truth becomes a revolutionary act” _George Orwell

<< Home

Newer Posts Older Posts