Flame, aka Flamer or sKyWIper

Corrine

Flame, aka Flamer or sKyWIper, has been dubbed more complex than Duqu and Stuxnet. In fact, it has been described as "the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."

As described in The Flame: Questions and Answers - Securelist:

What exactly is Flame? A worm? A backdoor? What does it do?

Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.

The initial point of entry of Flame is unknown - we suspect it is deployed through targeted attacks; however, we haven’t seen the original vector of how it spreads. We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.

Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.

Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated.

The following quote by Professor Alan Woodward, Department of Computing, University of Surrey, was included in the BBC article, Flame: Massive cyber-attack discovered, researchers say:

This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.

It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.

Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.

This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time.

In other words, we are going to be seeing a lot more of Flame.

Additional References:

Another source...

The UN's International Telecommunications Union and Kaspersky Labs revealed today that it has discovered Flame, a new trojan rivaling Stuxnet. Codenamed "Worm.Win32.Flame," the malware is currently being researched and it is described as "one of the most complex threats ever discovered." It is believed to be active across thousands of computers in the Middle East, primarily in Iran and Israel, as well as on some machines in North Africa.

Researchers believe that the trojan's primary function is cyberespionage: once Flame infects a computer, it is equipped to record audio from connected or built-in microphones, monitor nearby Bluetooth devices, take screenshots, and save data from documents and emails. All of this data, apparently stolen as part of a targeted attack, is constantly sent up to command and control servers.
http://www.theverge.com/2012/5/28/3048114/flame-trojan-worm-kaspersky-lab-detailed

While I was on vacation, Beryl dampened the atmosphere. Thusly, I had some good reading time. I know I will probably get smacked for this, but I think this is some great work. I am not a fan of malware, spyware, viruses, or any of the sort. I am, however, a fan of keeping a close eye on your enemies. Stuxnet was pretty brilliant in its own right. The ability to hunt down a specific Siemens P.L.C. used for a very specific job, alter its output and readings just enough to shorten the life of the centrifuges they are meant to control, is pretty amazing. Now with the uncovering of the Flame, well, we have only seen a very small amount of what it is actually capable of. And to think, these were both released about five years ago. What else have the U.N.'s coders been up to since then? I wait with anticipation...

