New In-the-Wild Malware Linked to State-Sponsored Flame Targeting Iran

Security researchers discover more details about the Flame malware, including the names of some of its creators.

Ars Technica: Security researchers from Symantec and Kaspersky Labs have published a joint report which sheds a great deal of new light on the Flame malware. Notably, they have discovered that the command and control servers behind Flame also supported three other pieces of malware, one of which is currently in circulation. They also found the names or code-names for four of the malware creators, as well as evidence that those creators began working on the code as early as 2006. In addition, they discovered that just one Flame server collected 5.5 GB of data from its targets over an eight-day period. "That's pretty staggering," said Symantec's Vikram Thakur. "If the attackers actually continued their operations in a similar manner or with high frequency over the past five years they probably have terabytes of information collected from pretty much whoever they chose. That's a lot of information that they could make use of. That would be every target's life history a few times over."

The report concludes, "These features are not normally found in malware created by everyday cyber-criminals, reaffirming our initial conclusions that Flame is a nation-state sponsored attack."




Tags: security, research, malware, Flame


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.