Security players fan Flames of complex malware risk

Kaspersky claims Flame malware has been "in the wild" since 2010.

Kaspersky has described the newly-discovered Flame malware as one of the most complex pieces of malicious software in the history of cybercrime.

The Russian anti-virus vendor claims the malware can steal information from targeted systems, including stored files, contact data and recorded audio conversations, and described it as a tool for "cyber espionage."

Because of its complexity and the narrowly targeted nature of the attacks, Kaspersky says, no security product had detected it before this investigation.

The wide variety of data it can steal has led Kaspersky to describe it as "one of the most advanced and complete attack-toolkits ever discovered."

The firm claims to have uncovered the software following an investigation into another type of malware called Wiper that has been credited with erasing data from a number of computers in Western Asia.

"During the analysis of these incidents, Kaspersky Lab's experts came across a new type of malware, now known as Flame," explained the company in a blog post.

"Preliminary findings indicate that this malware has been 'in the wild' since March 2010...[and] due to its extreme complexity, plus the targeted nature of the attacks, no security software detected it."

The malware is thought to operate by stealing data from infected machines and passing it on to a network of command-and-control servers located around the world.

"The exact infection vector is still to be revealed, but it is already clear that Flame has the ability to replicate over a local network using several methods, including the same printer vulnerability and USB infection method exploited by Stuxnet," said the blog post.

Compared to Stuxnet, the malware that emerged in 2010 and exploited four zero-day vulnerabilities, Flame is around 20 times larger.

"What is known is that it consists of multiple modules and is made up of several megabytes of executable code in total, meaning that analysing this cyber weapon requires a large team of top-tier security experts and reverse engineers with vast experience in the cyber defence field," the post concluded.

David Harley, senior researcher at internet security vendor ESET, said the malware is also understood to have attacked systems in Western Asia and Eastern Europe.

"Perhaps the most interesting feature is that the Iran National CERT has volunteered to share samples with security vendors, despite the fact that many software vendors (notably those headquartered in the US) are unable to trade legally with Iran," said Harley.

"This restriction may have hampered initial detection of the malware by security vendors outside the region, but samples have subsequently trickled into the mainstream via secondary sources."
