Monday, May 28, 2012

Flame malware snoops on PCs across the Middle East

If you thought that Stuxnet was a very bad Windows virus, this is worse, at least according to the data being collected.

Much ado was made when security experts found Stuxnet wreaking havoc, but it's looking as though the malware was just a prelude to a much more elaborate attack that's plaguing the Middle East. Flame, a backdoor Windows trojan, doesn't just sniff and steal nearby network traffic info -- it uses your computer's hardware against you. The rogue code nabs phone data over Bluetooth, spreads over USB drives and records conversations from the PC's microphone. If that isn't enough to set even the slightly paranoid on edge, it's also so complex that it has to infect a PC in stages; Flame may have been attacking computers since 2010 without being spotted, and researchers at Kaspersky think it may be a decade before they know just how much damage the code can wreak.

No culprit has been pinpointed yet, but a link to the same printer spooler vulnerability used by Stuxnet has led researchers to suspect that it may be another instance of a targeted cyberwar attack, given that Iran, Syria and a handful of other countries in the region are almost exclusively the ones being targeted.

Even if you live in a 'safe' region, I still advise you to keep an eye out for anything suspicious.

Here is some additional info I got from The writer has a YouTube channel, @mrizos I believe. He has millions of page views at this blog.

Flame is very sophisticated modular malware (or espionageware). All of its modules amount to a whopping 21 MB. Flame was written in C++ and Lua (Lua is a language you don't see like...ever). Flame can also morph its behavior to slip past traditional antivirus (it's able to detect over 100 antivirus applications), and this apparently works very well.

Flame Objectives:
Flame is designed to quietly steal information by:

  • Logging keystrokes
  • Capturing all network traffic on the infected PC
  • Uploading documents already on the PC
  • Enabling built-in microphones and recording the audio (everyone hopes that this doesn't happen)

Another detail is that this malware has been around the net for over 2 years! Isn't that amazing?

Methods of Infection:

  • USB sticks / drives
  • Via LAN (spooler exploit)
  • Possibly via hijacked pages

Kaspersky Lab discovered Flame and has now confirmed over 400 detections of Flame in the Middle East (189 of those in Iran). No one knows who created Flame, but its existence only in the Middle East has many people pointing the finger at the US, England and Israel as possible Flame authors.