Thread: Flame, aka Flamer or sKyWIper - The most sophisticated malware

  1. #1
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Flame, aka Flamer or sKyWIper - The most sophisticated malware

    Flame, aka Flamer or sKyWIper, has been dubbed more complex than Duqu and Stuxnet. In fact, it has been described as "the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."

    As described in The Flame: Questions and Answers - Securelist:
    What exactly is Flame? A worm? A backdoor? What does it do?

    Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.

    The initial point of entry of Flame is unknown - we suspect it is deployed through targeted attacks; however, we haven’t seen the original vector of how it spreads. We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.

    Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.

    Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated.
    The following quote by Professor Alan Woodward, Department of Computing, University of Surrey, was included in the BBC article, Flame: Massive cyber-attack discovered, researchers say:
    This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.

    It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.

    Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.

    This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time.
    In other words, we are going to be seeing a lot more of Flame.


  2. #2
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Thanks, Corrine, for the info!

  3. #3
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    I've updated my blog post with additional references beyond my initial post above: Flame, aka Flamer or sKyWIper.

  4. #4
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Flame can sabotage computers by deleting files, says Symantec

    The virus can not only steal data but disrupt computers by removing critical files, says a Symantec researcher.

    The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.
    Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.
    But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.
    Such power means that the virus can disrupt critical software and "completely disable operating systems," Reuters reported based on Thakur's findings.

    "These guys have the capability to delete everything on the computer," Thakur said, according to Reuters.
    "This is not something that is theoretical. It is absolutely there."

    If true, Flame can be used as a weapon against nations to attack vital infrastructure systems, such as dams, chemical plants, and manufacturing facilities, Reuters added. And it could have been used as a weapon against Iran this past April.

    Boldizsar Bencsath, an expert on cyber warfare with Hungary's Laboratory of Cryptography and System Security, told Reuters that there was at least a 20 percent chance that Flame was behind the attack against Iran.
    Reportedly discovered by Kaspersky Labs, Flame targeted Iran and countries in the Middle East by infecting a host of computers across the region. CEO Eugene Kaspersky compared the new malware to its Stuxnet predecessor and said it seemed to be state-sponsored.
    Some reports have named the United States and Israel as the sources behind Flame.
    In response, the U.S. has remained mum. Israel has denied any involvement despite comments by prime minister Moshe Ya'alon that countries concerned about Iran's nuclear program might use such cyberattacks "to harm the Iranian nuclear project."

    full story: Flame can sabotage computers by deleting files, says Symantec | Security & Privacy - CNET News
    Last edited by hackerman1; 23rd June 2012 at 12:34.

  5. #5
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,559

  6. #6
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Don't miss Anand's article on the home page: BitDefender Flame Removal Tool: Remove Flamer Trojan or sKyWIper.
