Flame raised the bar of cyber espionage


On 28th May, Kaspersky Lab announced the discovery of Worm.Win32.Flame, the most advanced virus built to carry out cyber espionage. In its announcement, Kaspersky Lab said:

“Kaspersky Lab announces the discovery of a highly sophisticated malicious program that is actively being used as a cyber weapon attacking entities in several countries. The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date”.

The ITU (International Telecommunication Union) asked Kaspersky Lab for help in finding the malware that was deleting important data across the Middle East. Flame was detected during the research into that malware, code-named Wiper.

A specific category of cyber warfare has emerged that is backed by states, not hackers. Stuxnet and Duqu were the malware that brought this evolved form of cyber warfare to light. Such malware is designed to attack only its intended targets; on any other computer it remains a scrap piece of code. The complexity and targeted nature of this malware have allowed it to get past the security software cordon.

According to Kaspersky's research, the Flame worm has the following abilities:

1. Can steal data.

2. Can sniff network traffic.

3. Can take screenshots, record audio conversations, and intercept keyboard input. Flame has the ability to steal data in many ways.

4. When Bluetooth is turned on on the infected device, Flame can find information about the discoverable devices.

5. The data is available to the masters of this malware through the links to Flame's command-and-control software.

6. Flame is 20 times bigger than Stuxnet.

Flame has up to 20 modules. Once a system is infected, the operators can choose to upload the other modules, which increase the functionality of the malware. Flame has been out since February 2010, but Kaspersky has said there is a high probability that Flame was out there before 2010.

According to Kaspersky's analysis, Flame was not developed by hacktivists or cyber-criminals. The analysis points towards nation states as the makers of Flame, with cyber espionage as the primary motive. The geographical area infected by Flame is the Middle East, and seven nations are primarily affected. These states are:

Iran: 189

Israel/Palestine: 98

Sudan: 32

Syria: 30

Lebanon: 18

Saudi Arabia: 10


It is very interesting that all of these states have been politically volatile for half a decade, Iran in particular. Eugene Kaspersky said of Flame:

“The risk of cyber warfare has been one of the most serious topics in the field of information security for several years now. Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide. The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”

To read a complete analysis of the Flame virus, please visit Securelist.

