View source

<div align=justify>A nasty and complex malware program known as Flame has been unmasked after four years of cyber-attacks on several countries, according to Russian anti-virus firm Kaspersky Lab.


The firm — which analyzed the malware over the weekend and revealed it to be the largest and most complex attack toolkit to date — believes that it was commissioned by a country or countries’ government.

“Flame is a covert operation in cyber-space and without a doubt, it’s been commissioned by a nation-state or nation-states,” senior researcher Roel Schouwenberg at Kaspersky Lab said. “Global governments are investing more and more money in so-called offensive capabilities, and it’s a lot easier and cheaper than traditional espionage and warfare.”

Flame is currently being used for cyber-espionage and it could infect computers to steal data and sensitive information, the company said.

Kaspersky Lab detailed Flame’s “advanced espionage functionality” for intercepting network traffic, taking screenshots and recording audio conversations during a press conference on Monday.

“This is huge and unlike anything we’ve seen before, and it’s been operating throughout the world for four years,” a Kaspersky Lab specialist said during the broadcasted press conference. “We are still investigating the malware and need more time to confirm findings.”

Flame is a sophisticated attack toolkit, much more complex than previous malware such as Stuxnet and Duqu.

According to Kaspersky, Flame is intended is to collect information from operations of certain nation states, including but not limited to Iran, Israel, Syria, Lebanon, Saudi Arabia and Egypt. Flame has also been reported in Europe and North America.

“The attackers say they live in Germany or Austria, but we can’t be sure,” the company said. “We know they are particularly interested in PDF files, Microsoft documents and especially [design software] AutoCad files.”

Kaspersky Lab looked at the IP addresses where the servers were hosted and identified other domains which were hosted on the same machines, which indicates they are fake. In total, the company has discovered over 80 different domains which appear to belong to the Flame command and control infrastructure.

The domains — which are registered to various hotels, stores, organizations and doctor’s offices — were registered as far back as 2008, many with GoDaddy.

The fake identities point to illegitimate IP addresses in Germany and Austria, but it’s unknown at this time why these two countries were chosen. Over the past few years, the servers have moved from various locations, including Hong Kong, Turkey, Malaysia, the United Kingdom and Switzerland.

Based on the way Flame works and how it is being used, Kasperksy Lab said the attacks can be classified as a “cyberweapon.” Because Flame collects different kinds and formats of information from a victim’s computer, governments and military can lose classified information and private companies can lose intellectual property.

“Flame’s mission is not about stealing identities — it’s about gathering intelligence,” Schouwenberg said. “Overall, regular consumers are not Flame’s target.”

Kasperksy Lab said it’s continuing to look into the attacks and should have more information on the matter in the next few days.

“Flame is definitely bringing the issue of cyber-warfare to the foreground, which is good,” Schouwenberg said. “We need to discuss the dangers surrounding cyber-weaponry, which is a rising international problem.” </div>


''Taken from mashable.com''
Return to Meet Flame, the Nastiest Computer Malware Yet.
Retrieved from "http://myidealhost.com/tutorials/Meet_Flame,_the_Nastiest_Computer_Malware_Yet"
Navigation

Search
