Flame On!

By: Trevor Kennedy
Date: 31 May 2012

An ill wind is blowing. It used to be that we needed to be afraid of the script kiddies trying to penetrate our networks; then we needed to worry about organised hacker groups teaching each other their latest exploits, such as Cult of the Dead Cow, Anonymous or Lulz; but now we have sailed into dangerous waters.

Over the last few months we have seen a lot more state-sponsored activity. First it was Stuxnet, then Duqu, and now the latest: Flame!

Kaspersky Lab has discovered a new worm/Trojan that it has code-named Flame; its anti-virus tool detects it as Worm.Win32.Flame.

The investigation into the new worm was kicked off after the UN's International Telecommunication Union complained that some new malware was deleting sensitive documents across the Middle East. While investigating "Wiper", the Kaspersky code name for that still-undiscovered malware, they stumbled across Flame.

It seems that Flame is from the same authors as Stuxnet and Duqu, or from people working with them. Kaspersky came to this conclusion because the code exploits the same vulnerabilities and shares functions with its sister Trojans, and has a similar target audience.

Kaspersky describes the new “super-weapon” as “incredibly sophisticated” and “one of the most complex threats ever discovered”.

Flame is described as a "back-door" and a "Trojan" with "worm-like functionality". The original delivery mechanism is yet to be discovered, but once on a system it will spread via portable storage and over the network.

Once the system has been compromised, Flame starts to sniff the network, capture screenshots and audio, intercept keystrokes and enable remote viewing of any installed cameras.

Once it connects to its command and control centre it downloads extra modules, up to twenty of them, adding extra functionality, most of which is still being investigated.

The reason Kaspersky called the new Trojan Flame is that one of its main modules is named Flame; it is the module responsible for attacking and infecting additional machines.

The main distribution is within the Middle East, specifically Iran (189 machines infected), Israel (98), Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10) and Egypt (5).

The tool's main goal seems to be reconnaissance: the collection of information, not the targeted financial information you would expect from cyber criminals. The collection of audio in particular suggests an intelligence-gathering activity rather than a financial motive.

Other cyber security experts are referring to Flame as "Flamer" and "SkyWiper".

The script kiddies are not the ones you need to worry about; state-sponsored Trojans are the next level of cyber threat. Tool up!
