Flame Siblings Remain Undetected

Friday, September 21, 2012 @ 02:09 PM gHale

A whole family of Flame-related malware is circulating in the wild, with much of it likely still undetected, security vendor Kaspersky Lab said.

Earlier this week, Kaspersky said it had detected three Flame-related pieces of malware.

Kaspersky’s chief malware expert Vitaly Kamluk said analysis of the command and control (C&C) servers used by Flame’s authors indicated the extent of the cyber espionage campaign may be larger than first thought.

“The code running on the C&C server is able to ‘speak the languages’ that three other malicious applications can understand and those applications are not Flame,” said Kamluk.

“We have confirmed that at least one of those three has spread as we have registered an incoming connection on our sinkhole server from a machine that ‘speaks’ one of these new ‘languages’ (communication protocols).”

Kamluk said there are likely more than the three new Flame-level threats currently operating undetected in the wild.

“It is very possible there are more variants. They started building RedProtocol, yet another ‘language’ for unknown malware. No known client types are using that one, which means that there is even more malware out there,” said Kamluk.

“It means that Flame is not the only one in this big family,” he said. “There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu.”

Last May, Kaspersky found Flame, a computer virus with data-stealing capabilities, hitting machines not only in Iran but elsewhere in the Middle East, and described it as “20 times larger than Stuxnet.”

While Flame’s true purpose remains somewhat unclear, its creators ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware, a move intended to prevent forensic analysis, Symantec security researchers said.
