Communications of the ACM

ACM TechNews

'Flame' Malware May Have Siblings, Study Finds

The malware is said to have infected more than 600 specific targets.

Credit: Kaspersky Labs

A new Flame malware report suggests that the malware's command-and-control (C&C) interface was made to manage at least four different types of malware, meaning that there may be at least three more pieces of malware from Flame's creators in the wild that remain undetected or unactivated.  

The report, co-authored by Kaspersky Lab, Symantec, the International Telecommunications Union's IMPACT research team, and Germany's Federal Office for Information Security and Computer Response Team, closely examines Flame and its C&C functions.

Although Flame was first detected in the wild in 2010, the report says its findings suggest the malware may have been developed as early as December 2006. The report notes that Flame's C&C system was cleverly disguised to look like a more benign content management system, with options such as "upload" and "blog" featured in its user interface, likely as a ploy to fool suspicious system administrators who might stumble upon it.

The report claims that researchers actually found nicknames of at least four of Flame's developers attached to timestamps within the malware's code. While the report does not reveal the nicknames, nor the tentative identities of the four developers, it does suggest that they include a project leader and an expert on advanced cryptography.

From IDG News Service

Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA 
