Flame: 'Most complex' cyber-attack ever discovered

Updated on: 2012-05-29 || Source: zdnet.com
The world’s “largest cyberattack” has been uncovered. Businesses and universities — and governments — were the main targets of the attack by the data-stealing malware.

Security researchers have discovered a new ‘data-vacuuming’ malware which has targeted a number of Middle Eastern countries including Israel and Iran.

Kaspersky said it believes “Flame” is larger than its apparent infamous counterparts Stuxnet and Duqu, and has been described as the “most complex threat” ever discovered.

Kaspersky’s Alexander Gostev said in an extensive question-and-answer SecureList blog post that Flame “redefines the notion of cyberwar and cyberespionage”.

Flame is an attack toolkit — rather than a ‘throwaway’ single-operating piece of malware — like Stuxnet and Duqu — which has the ability to relay back through the “eyes and ears” of a computer.

Along with Iran and Israel, Sudan and Syria found infected networks, as did Lebanon, Saudi Arabia, and Egypt. Others have been infected but Kaspersky did not name the individual countries.

Reuters, however, reports that Kaspersky’s Roel Schouwenberg, who discovered the malware, said Flame was “highly targeted” and directed at businesses and universities, adding: “no more than 5,000 personal computers around the world have been infected, including a handful in North America.”

Iran’s National Computer Emergency Response Team updated its security alert pages stating it believed Flame was the cause of a number of incidents of “mass data loss” in the country’s computer networks.

Flame has the components of a Trojan, a backdoor, and a worm, and is designed to attack Windows machines. Researchers do not appear to know how Flame initially enters a network, but have identified a Windows vulnerability that the malware exploits.

Compared to Duqu’s 300KB payload versus Stuxnet’s 500KB payload, Flame is a massive 20MB in size. Wired explains that Flame does not resemble either Stuxnet or Duqu in “framework, design or functionality,” despite their on-the-surface properties and similarities.

Flame sniffs network traffic and can take screenshots, record conversations through microphones that are plugged into or embedded in the PC, log keystrokes, and so forth.

The malware is unique in that it can steal so much data in so many different ways, giving a complete “eyes and ears” overview of anything and everyone in the vicinity of the infected machine.

Kamluk said the “size and sophistication” of Flame makes it more likely to be government-backed. Considering the malware has been designed to target Israeli networks, an allied nation to the U.K. and the U.S., the attack is unlikely to originate from the West.

Gostev explained in a SecureList posting:

“Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists,”

“By excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it.”

In 2010, Stuxnet was used to attack Iranian nuclear facilities, while Duqu — found spreading exactly a year later in 2011 — was used to infiltrate networks and steal corporate and government data.

Kaspersky believes that the original creation of the Flame project began no earlier than 2010, which coincides with the discovery of the security loophole it exploits.

ZDNet’s Charlie Osborne contributed to this report.

Image credit: Kaspersky Lab.

