05 6 / 2012
After the recent Flashback Trojan incident, a new piece of malware called ‘Flame’ has rattled the global cyber world after being noticed recently in the Middle East. It has been described as a dreadful and sophisticated piece of malware, authored to perform cyber espionage against certain targets in the Middle East. Flame is capable of stealing classified information and can take data from computers without the user knowing about it.
The virus, code-named ‘Flame’ or ‘Flamer,’ is beyond the reach of standard antivirus and antimalware software. Its authors can increase the range of its attack and the area it affects.
The Computer Emergency Response Team Coordination Center (CertCC) in Iran was the first to notice this virus. Its researchers say they have been conducting this research for quite some time, and that they have been coordinating with various security firms to understand the virus's mode of infection and area of operation.
Alexander Gostev, head of the Global Research and Analysis Team at Kaspersky, said in a blog post that they came to know about this virus only when the United Nations' International Telecommunication Union came to them and asked for help in dealing with a worm that was consistently deleting sensitive information across the Middle East.
Gostev continued: “Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.”
The size of the virus is around 20 MB, which is considerably larger than other malicious programs. According to Gostev, “the reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine.”
After analyzing Flame's code, CertCC stated that Flame is very similar to the Stuxnet virus in terms of design and mode of operation. Stuxnet was noticed in 2010 for causing immense data loss in Iran. Iran’s nuclear programme was the first to be hit with this virus. Duqu was another similar threat that was named after the Star Wars villain. It was also capable of stealing sensitive data across the Middle East.
Flame propagates to other computers via portable USB devices. It also exploits a Microsoft Windows printer vulnerability that has now been patched.