Ramblings of an old Doc
Published on May 28, 2012 By DrJBHL In Personal Computing


Kaspersky has reported discovering a really super piece of spyware after being requested to investigate suspected malware causing information loss at the Iranian oil refinery/depot. They believe it’s been around since August 2010.

[Image] Photo credit: Kaspersky Labs

The countries affected appear to be Israel, Iran, Sudan, Syria, Lebanon and Saudi Arabia.


There are three classes of malware/spyware producers: hacktivists, cybercriminals and nation states. Tracing an attack back and identifying its targets gives a good indication of who is behind it and which of those groups they belong to.

In this case, there’s no doubt some nation state is responsible, based on the targets, the sophistication of the attack and the research needed to produce such software. I’m betting the NSA.

This spyware takes screenshots of emails every time an email program is opened, and if a conversation is going on near a computer with a microphone, it records the audio, compresses it and sends it out. It appears to be an information-gathering tool only, not designed to damage the systems it resides on.

Stuxnet was simple-minded compared to this one. Flame is like a toolkit that can go after whatever its operators want, since after the initial infection additional modules can be added, much like plugins in a browser. Apparently there are more than twenty such modules in its full library. I read hints of this in the past (with five such modules mentioned at the time), about the time I brought Duqu to your attention. At that time, Flame hadn’t been publicly differentiated from Duqu.

Flame appears to have infected over 600 very specific targets. So don’t worry, I doubt yours is on the list.

There will be many more interesting developments in this story, and as they come up, I’ll try my best to keep you all abreast.

Update (6/5/2012): It now appears that the Flame/Skywiper virus/Trojan exploited a 'hole' in an MS program to disguise itself as that program, in order to grab blueprints and specs of the Iranian-Russian reactors, take screenshots of and capture the communications of those using those specs, and more.

Source:

http://www.bbc.com/news/technology-18238326

http://www.wired.com/threatlevel/2012/05/flame/ – a much more comprehensive history and analysis.

Update: http://www.israelnationalnews.com/News/News.aspx/156557#.T83nxTyjN8E


Comments (Page 2)
on Jun 05, 2012

Dr Guy wrote:
  What I meant by that is had the US made it, it would have been tight and focused, not scattershot.


Maybe this has been done deliberately, to move focus away from the obvious suspects.

on Jun 05, 2012

Can't ignore pretzel logic, you know.
