Kaspersky: Flame Has Three Unidentified Malware Siblings

There are at least three more viruses related to Flame that have not been found yet.

In a comprehensive analysis, Kaspersky's researchers published new details about the timeline of the Flame malware, its command-and-control mechanism and servers, and evidence that further, still undiscovered malware exists. Flame was managed through a web-based control panel called "newsforyou", a name of the kind commonly used for admin panels by content monetization services. Once inside the admin system, Kaspersky found a relatively simple control panel that exposed command capability as well as access to the stored stolen data. The panel is plain and purpose-built, without the gimmicks and graphics typical of hacker tooling, which makes it look generic and inconspicuous.

"The [command and control] developers didn't use professional terms such as bot, botnet, infection, malware-command or anything related in their control panel," Kaspersky said. "Instead they used common words like data, upload, download, client, news, blog, ads, backup etc. We believe this was deliberately done to deceive hosting company sys-admins who might run unexpected checks."

Kaspersky found in its investigation that Flame is much older than originally believed, with some files dating back to 2006. At least four different developers, who left traces of their online handles, worked on Flame. Most interestingly, Kaspersky found hints of three more malware variants, abbreviated as SP, SPE and IP. None of these has been discovered yet, and at least one of them is believed to still be in operation today.

Flame itself has been very damaging to its victims and potentially very beneficial to the attackers. About 5.5 GB of data was exfiltrated per week. The logs of one of the two servers showed 3,702 infected computers in Iran and 1,280 in Sudan; infection counts in other countries were below 100 each. Kaspersky estimates that more than 10,000 computers were infected in total. In its conclusion the security firm said that the analysis is "reaffirming [Kaspersky's] initial conclusions that Flame is a nation-state sponsored attack. Based on the code from the server, we know Flame was a project from a list of at least four. The purpose and nature of the other three remain unknown."

Comments
  • A Bad Day
    So, will critical infrastructures (including hospitals) get Friend or Foe Identification?
  • A Bad Day
    Will cyberwarfare eventually become as destructive as EMP weapons or even nukes?
  • A Bad Day
    Why does this website take so long to update the comment section?