Security researchers discover powerful cyber espionage weapon 'Flame'

Warwick Ashford

Security researchers have discovered a powerful cyber weapon with functionality exceeding that of all other known threats.

The advanced malware, which is said to be attacking targets in several countries, was discovered by security firm Kaspersky Lab during an investigation prompted by the International Telecommunication Union (ITU).

The malicious program, detected as Worm.Win32.Flame, is designed to carry out cyber espionage. Flame can steal valuable information, including - but not limited to - computer display contents, information about targeted systems, stored files, contact data and even verbal conversation.

The research was initiated in response to a series of incidents with another, still unknown, destructive malware programme – codenamed 'Wiper' – which deleted data on a number of computers in the Western Asia region.

This particular malware is yet to be discovered, but during the analysis of these incidents, Kaspersky researchers came across Flame, which they believe has been "in the wild" since March 2010.

But due to its extreme complexity and the targeted nature of the attacks, Flame has evaded detection by security software for just over two years.

The features of Flame differ from those of cyber weapons such as Stuxnet and Duqu, but researchers said the location of the attacks, the use of specific software vulnerabilities, and the fact that only selected computers are being targeted suggest Flame belongs to the same category of super-cyber weapons.

The Flame malware looks to be another phase in cyber warfare, according to Eugene Kaspersky, CEO and co-founder of Kaspersky Lab.

"It’s important to understand that such cyber weapons can easily be used against any country. Unlike conventional warfare, the more developed countries are actually the most vulnerable," he said.

Researchers said the diverse nature of the data stolen by Flame makes it one of the most advanced and complete attack-toolkits ever discovered.

The exact infection vector has still to be revealed, they said, but it is already clear that Flame has the ability to replicate over a local network using several methods, including the same printer vulnerability and USB infection method exploited by Stuxnet.

"One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveying infected systems, collecting information and targeting new systems to accomplish its unknown goals," said Alexander Gostev, chief security expert at Kaspersky Lab.

Researchers are conducting deeper analysis of Flame, but initial investigations have revealed that it comprises multiple modules and is made up of several megabytes of executable code, making it around 20 times larger than Stuxnet.

The ITU plans to use the ITU-IMPACT network, consisting of 142 countries and several research firms, including Kaspersky Lab, to alert governments and the technical community about this cyber threat, and to expedite the technical analysis.

The ITU believes that analysing Flame will require a large team of top-tier security experts and reverse engineers with vast experience in the cyber defence field.

