Researchers do not appear to know how Flame initially enters a network, but have identified a Windows vulnerability that the malware exploits. Wired explains that Flame does not resemble either Stuxnet or Duqu in "framework, design or functionality," despite their on-the-surface properties and similarities.
Flame sniffs network traffic and can take screenshots, record conversations through microphones that are plugged into or embedded in the PC, log keystrokes, and so forth. The malware is unique in that it can steal so much data in so many different ways, giving a complete "eyes and ears" overview of anything and everyone in the vicinity of the infected machine. Kamluk said the "size and sophistication" of Flame makes it more likely to be government-backed. Considering the malware has been designed to target Israeli networks, an allied nation to the U.
Gostev explained in a SecureList posting: "Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists." In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it.
In , Stuxnet was used to attack Iranian nuclear facilities, while Duqu, found spreading exactly a year later in , was used to infiltrate networks and steal corporate and government data. Kaspersky believes that the original creation of the Flame project began no earlier than , which coincides with the discovery of the security loophole it exploits. ZDNet's Charlie Osborne contributed to this report.
Image credit: Kaspersky Lab.
Because Flame doesn't use a rootkit technology, free anti-rootkit tools won't be able to detect it. Is it related to Stuxnet and Duqu? Flame shares some characteristics with two previous types of malware that targeted critical infrastructure systems and which used the same technology platform: Stuxnet and Duqu.
Schouwenberg thinks the same entities are behind Flame. LNK file that triggers an infection when a directory is opened.
Flame also can replicate through local networks using a Windows-based shared printer vulnerability that was exploited by Stuxnet as well. Kaspersky hasn't uncovered Flame using any previously unknown vulnerabilities, called "Zero-Days," but since Flame has infected fully patched Windows 7 systems through the network, there may be a high-risk Zero-Day being exploited. "The Stuxnet platform was created by one team or company and Flame by another team or company, and both teams had access to this common set of exploits," he said.
Flame is 20 times larger than Stuxnet, which was previously believed to be the most sophisticated piece of malware ever. How serious is this? Kaspersky researchers believe there is much more to Flame than they know now. The amount of manpower required to maintain this operation is very significant.
This shows the amount of resources committed to this project. Who is being targeted with Flame? How widespread is Flame? So far there are only estimates as to how widespread Flame infections are. Kaspersky researchers have seen between and infections on customer computers reporting back to them, but researchers speculate there could be more than 1, infected computers worldwide.
Most of the infections are in Iran and other countries in the Middle East. There are a few in the U. Does it affect me? Most of the major antivirus software now detects Flame, so updating your security software will protect you. Kaspersky also has offered tips for manually removing the malware. The software is not designed to steal financial data and does not seem targeted at consumers, so chances are your computer is safe.
You mean Stuxnet and Duqu, right? How is this different? This virus is definitely related to those two, which infected Iranian nuclear computer systems in and At least the Iranian government thinks so.
But this one is being talked up as bigger and scarier. So, if these are related to Stuxnet and Duqu are they from the same source, then? Kind of, but not exactly. Neither Zetter nor the Kaspersky Lab believe the virus has the same authors. "But no matter how much we looked for similarities [in Flame], there are zero similarities," Alexander Gostev, chief security expert at Kaspersky Lab, told Zetter.
Which nation-state do they think was behind it, then? Israel is the obvious guess, with the country's tension with Iran. So, this sounds like it could be a type of warfare.
Has Iran done anything about it? The U.