Kaspersky: Flame Has Three Unidentified Malware Siblings

There are at least three more viruses related to Flame that have not been found yet.

"The [command and control] developers didn't use professional terms such as bot, botnet, infection, malware-command or anything related in their control panel," Kaspersky said. "Instead they used common words like data, upload, download, client, news, blog, ads, backup etc. We believe this was deliberately done to deceive hosting company sys-admins who might run unexpected checks."

Kaspersky found in its investigation that Flame is much older than originally believed, with some files dating back to 2006. At least four different developers, who left traces of their online names, worked on Flame. Most interestingly, Kaspersky found hints of three more viruses, abbreviated as SP, SPE and IP. None of these viruses have been discovered yet, and at least one of them is believed to be still in operation today.

Flame itself has been very damaging to the victims and potentially very beneficial to the attackers. About 5.5 GB of data was extracted on a weekly basis. The server logs of one of two servers showed 3,702 computers were infected in Iran and 1,280 in Sudan. Infection rates in other countries were below 100 each. Kaspersky estimates that more than 10,000 computers were infected in total. In its conclusion the security firm said that the analysis is "reaffirming [Kaspersky's] initial conclusions that Flame is a nation-state sponsored attack. Based on the code from the server, we know Flame was a project from a list of at least four. The purpose and nature of the other three remain unknown."


Wolfgang Gruener
Contributor


  • A Bad Day
    So, will critical infrastructures (including hospitals) get Friend or Foe Identification?
  • A Bad Day
    Will cyberwarfare eventually become as destructive as EMP weapons or even nukes?...
  • A Bad Day
    Why does this website take so long to update the comment section?
  • mistigrisvicar
    http://goo.gl/0Pdku
  • jprahman
    I would expect there to be even more elements involved than what the investigation up to this point has revealed. All in all this was a pretty impressive attack.
  • adgjlsfhk
    I'm saying Israel is behind it. Seems a lot like their type of attack. Also, they're the only ones who really care about Iran's nuclear program that would not march in. I think one of the 4 was the virus that screwed up the reactors, and that this one's purpose was to track Iran's progress towards getting nukes.
    PS I am not antisemitic, I'm actually Jewish.
  • huron
    Strange... I had read that the US worked with Israel on both Flame and Stuxnet. There was an article in the NY Times as well as other places detailing the admission of sanctioning of the cyber attacks.
  • Usersname
    MOSSAD
  • COLGeek
    Only The Shadow knows.......