Over the past few days, we have been bombarded with reports about the exploits of the newly discovered virus named Flame, which wreaked havoc on computers in the Middle East, giving way to cyber attacks. The Flame worm, which was discovered by researchers at Kaspersky Lab, has now gained the notoriety of being the most advanced and sophisticated cyber weapon ever discovered. Yesterday, reports surfaced that Iran had acknowledged that the dangerous virus had found its way onto the computer systems of its top officials, leading everyone to believe that the deadly virus was fast making its way into computer systems. Iran’s cyber defense organization, known as the Computer Emergency Response Team Coordination Centre, warned that this virus is extremely powerful, about 20 times more than the Stuxnet that had attacked its nuclear program in Tehran. The virus had reportedly been around on computers for 5 years and is capable of sniffing network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and even monitoring the display.
The most deadly yet?
Now, in conversation with Roel Schouwenberg, Senior Researcher at Kaspersky, CNET’s Elinor Mills managed to find out more about the deadly virus. When asked how long the virus has been around, Schouwenberg was quoted by CNET as saying, “We have the first confirmed report of Flame in the wild in 2010, but there is circumstantial evidence that dates it back to 2007 and some speculate it may go back further than that.” Explaining further, Schouwenberg told Elinor Mills that the Flame virus spreads inside a network through a USB thumb drive, network shares, or a shared printer spool vulnerability. He added, however, that it spreads only when instructed to do so by the attackers, and that at this point it's unclear what the initial point of entry is. “We expect to find a spear phishing e-mail with a Zero-Day exploit,” Schouwenberg said.
When asked what delayed the discovery of a virus as dangerous as Flame, Schouwenberg stated, “Clearly it's another multimillion-dollar project with government funding, so one of the top priorities has been stealth.” He was further quoted as saying that those who created the Flame virus wrote the code to ensure that it wouldn't catch anyone's attention for a long time. He further added that the Flame virus spreads only once it is instructed to do so remotely; spreading quickly, by contrast, is really why a later Stuxnet variant was discovered. The Flame virus uses a relatively rare scripting language, Lua, and hence doesn't appear to be malicious at first. “Flame authors have adopted the concept of hiding in plain sight,” he added.
Schouwenberg added that the majority of the infections are in Iran and across other countries in the Middle East. There are a few in the U.S., too, which Schouwenberg attributed to someone in the Middle East using a VPN based in the U.S. to work around the Internet filters in the country. “We're looking into sinkholing (taking control of) some of the Command and Control servers and getting data from there to have a more accurate reflection of infections,” he added.
Publish date: May 31, 2012 5:25 pm | Modified date: December 18, 2013 10:24 pm