Flame: A glimpse into the future of war

[JMH]

Claims of cyberwar are overblown, but things are definitely heating up in regard to international conflicts where malware is replacing drone strikes.

If you roll your eyes at the term "Digital Pearl Harbor," you have my sympathy. We've been warned about the specter of an enemy attack via bits and bytes for several decades, with no real evidence that this is a realistic possibility and not mere hype.

Still, a new worm that's been spying on infected computers in the Middle East has been called a "cyberweapon," and while we're not talking outright combat, it's clear that malware is increasingly playing a part in geopolitical diplomacy and conflict.

http://news.cnet.com/8301-1009_3-57...?part=rss&tag=feed&subj=News-Security&Privacy

 

[JMH]

'Flame' Cyber-Weapon Lurked for Years

The Flame "super-malware" must have been infecting computers for as long as four years and was less invisible to antivirus software than assumed, an analysis by security company AlienVault has concluded.

On the face of its AlienVault's analysisis just another forensic guess after peering at the important mssecmgr.ocx Win32 PE (portable executable) file, which 'exports' a clutch of progamming functions. As pulled apart by the Hungarian CrySys Lab, this contains debug entries suggesting a 2011 creation date.

However, an older version of the same file references a smaller number of functions and comes with a compilation date in 2008, which suggests a longer development timeline for the software.

http://www.pcworld.com/article/256644/flame_cyberweapon_lurked_for_years.html#tk.rss

 

[JMH]

Flame: UN urges co-operation to prevent global cyberwar

The UN has urged countries to seek a "peaceful resolution" in cyberspace to avoid the threat of global cyberwar.

The comments by the head of the UN's telecommunications agency came a week after Flame, one of the most complex cyber-attacks to date, was uncovered.

Dr Hamadoun Toure told the BBC that he did not suspect the US of being behind the attack.

He added that developing countries were being helped to defend themselves more adequately against threats.

http://www.bbc.co.uk/news/technology-18351995

 

[JMH]

Flame authors order infected computers to remove all traces of the malware

The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis, security researchers from Symantec said on Wednesday.

Flame has a built-in feature called SUICIDE that can be used to uninstall the malware from infected computers. However, late last week, Flame's creators decided to distribute a different self-removal module to infected computers that connected to servers still under their control, Symantec's security response team said in a blog post.

The module is called browse32.ocx and its most recent version was created on May 9, 2012. "It is unknown why the malware authors decided not to use the SUICIDE functionality, and instead make Flamer perform explicit actions based on a new module," the Symantec researchers said.

http://www.itworld.com/security/280...-infected-computers-remove-all-traces-malware