Flame is state-sponsored malware, connected to Stuxnet

Flame, a recently detected piece of malware that has been spreading havoc and is currently flagged as one of the most complex ever found, has been targeting computers running the Microsoft Windows operating system in Middle Eastern nations. CERT announced its discovery on 28 May 2012 and categorized it as ‘highly dangerous’. The code of the malware is so complex that analysts put the probability of it being a state-sponsored attack (similar to Stuxnet) at near unity.

Though there had been only vague speculation until now about a connection between Flame and Stuxnet, recent findings by security experts at Kaspersky revealed that Flame had its origins in the summer of 2008. In fact, Stuxnet, which emerged a year later, borrowed pieces of code from Flame. The discovery of many similarities in how the two work has also made the links between them more visible, with security experts currently speculating that both might have been developed by two independent teams working from late 2007.

According to Kaspersky,

Flame can’t be cataloged as being a worm or a backdoor. Instead, it’s more like a “sophisticated attack toolkit” that is a backdoor and a Trojan with worm-like capabilities.

The amount of time put into Flame has also amazed analysts, who note the possibility of Flame being the work of a cyber-criminal organization. Security experts have not yet been able to trace the creators of the malware, though it has been labelled a ‘state-sponsored attack’. With Flame a hot topic in the headlines for almost a month, the speculation about it seems to have also increased fear among ordinary users (probably for a good reason). But recent updates to the databases of your security software are expected to keep you safe. Many security firms have also released Flame removal tools.

Still, it is amazing that Flame has been evading all anti-virus software for more than 5 years. What do you think about the recent outcry about Flame? With even the anti-virus software vendors accepting that they have not been able to detect Flame for many years, does that shake your expectation of a ‘safe tomorrow’ for your computer?


[via Softpedia | Image credit: Kaspersky]


13 comments

  1. newJason

    @Rob (Down Under):

    Hi Rob.
    Most e-mail attack vectors that are email based are executed when clicking on a link in an email message.
    Typically that will take the user to an infected site or what have you.
    There are in fact other ways to become infected through email attacks.
    One is popping up a dialog box that is linked to a malware that needs permission to do what it does.
    You may see a message box and it can say anything or nothing at all, but it is easy to set these boxes to return a “yes” or “true” to the program, even if you click “ok” or No or just by clicking X to close the box. That will begin the infection. Although that attack mostly comes from web sites.
    There are attacks that I am aware of that use a java ad inside the mail program itself, and for a while was infecting yahoo mail users. Avast blocked this particular one for me.
    User interaction is not needed in this attack – infection begins just after poisoned ad is loaded by the browser –

    https://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/

    there are a lot of little malware spyware and crapware programs out there and their attacks are becoming more and more clever.

    to answer your question, at this time, I am not aware of a way you can become infected by NOT opening an email.
    This may change at any time, so just be careful.

    If you follow the steps of safe computing, you will keep your chances of becoming infected pretty low.

    I personally was affected with what I believed to be a server side script in the Hotmail servers and my account was sending spam to all my contacts every day. I changed passwords, did not help, someone at Microsoft did finally admit that Hotmail had been compromised but by then the damage was already done.
    They had some bad problems and are really slow at fixing them I am sorry to say.

    http://www.whitec0de.com/new-hotmail-exploit-can-get-any-hotmail-email-account-hacked-for-just-20/
    http://nakedsecurity.sophos.com/2012/04/27/microsoft-rushes-out-fix-after-hackers-change-passwords-to-hack-hotmail-accounts/

    They did fix this, but no sooner had they fixed this exploit than another more serious one appeared.
    still waiting to get back my hotmail account :(

  2. Rob (Down Under)

    @Suze:
    Thanks, that was my understanding.
    On a related note, I have the extension MailHops in Thunderbird, which allows you to click and see a map of the world with a red line going back to the country the email came from.

  3. Suze

    @Rob (Down Under): I’m not @newJason, but you cannot get attacked by just opening an email (i.e., clicking on it). One has to click on a link within the email, or open an attachment to the email to get attacked.

    If I’m not sure of the sender (oftentimes I get emails from “Facebook” or “LinkedIn” that are actually fake), I’ll hover my mouse over any links within the email to see what the URLs are (they show in the lower left of the screen) to confirm that the email is bogus. Note: some of the URLs may be legit, but others won’t be.

  4. Rob (Down Under)

    @newJason:
    Every so often, I snap briefly out of my lethargy to Google to see if one can get attacked by just opening an email, OR does one have to click a link OR open an attachment to get attacked.
    I never got a clear answer on that.

    Do you have the answer ?

  5. newJason

    @Jon Steedley:

    Hi Jon,
    I have a pretty good idea what happened.
    You did something you should never do…
    open an email that you do not know FOR SURE its origin or its author.
    Most likely someone guessed your password, or you inadvertently gave it somewhere. Or they guessed the answer to your secret question and reset it. Scripts can do this in many ways, but the most easy is usually done with SPAM, NEVER Click a LINK in any email message.

    perhaps, there was also a dialog box that popped up and said something like,
    bla bla bla
    OK CANCEL

    You should always adhere to Safe Computing Practices while on the internet, or anywhere for that matter..
    That involves :
    1. Keeping your OS updated with the latest updates.
    2. Using an *Anti-Virus* product and keeping it updated, daily and Scan Often.
    3. Using an anti Malware product with the latest definitions and scanning often.
    4. Never open any email that you do not recognize as safe. That means If you did not know it was coming, don’t open it, delete it.
    5. Never install any software without reading everything you are presented with. And Read the EULA.
    If you don’t understand it, don’t install it.
    6. Being smart and not visiting sites on the net that are known vectors for malware and phishing.
    Example: Pron sites, hacking and warez sites, forums that deal with illegal and unethical topics.
    7. Never click any message you do not understand or a message that you do not know where it came from.
    8. Use Encrypted SSL (Secure Socket Layer) protocol on the sites you do visit. Like google and facebook.. login pages, you should see https :/ / yoursite .here . com , the (s) after the http means that you are on a secure encrypted socket with that web site.
    9. Do not use the internet while logged on as an ADMINISTRATOR account.
    10. Use Strong Random Passwords, at least 10 characters, combinations of numbers and letters and symbols, upper and lower case. For this, Use a Password Manager.

    Read up on security, be smart, and don’t click what you don’t understand. If you do that, your chances of being hacked are greatly reduced.
    Read Dot Tech’s security articles, they are a perfect resource for learning about security and following safe browsing practices.
    Be safe and be smart.

  6. Jon Steedley

    RE: My “expectation of a ‘safe tomorrow’ for [my] computer?”
    NONESUCH!
    Never had it, never will, because the vast majority of software is just too, too poorly written to ever be ‘safe’.
    On 06/03/12 I received notice that my account at broad_band@yahoogroups.com was terminated,
    because I was “sending spam to the … list”. NOT TRUE!
    NEVER SPAMMED!
    But I *did* open an email that was the same as the one I was accused of SPAMMING w/.
    The result was that now all my addresses were receiving the same SPAM.
    Which is pretty weird, because it was a yahoo webmail account that was hacked.
    I still don’t know how it happened,
    but I can’t help thinking that it might have been a script that ran when I opened that email,
    and that accessed my yahoo.com contacts, sending the SPAM to all of them.
    I’ve saved the ‘bounced-back’ messages, on the off chance that they could be used as forensics,
    to figure out how this hack worked.
    One list member wrote;
    “the message from JS is not a spoof but most likely a result of his account being hacked
    because it was sent from Argentina from an address that is subscribed to this Yahoo! Group.”
    The worst thing is I’ve got to backtrack everyone on the SPAMS w/ apologies, because I got hacked.
    Any ideas on how this happened?
    Shoot’em to me at .
    TIA
    Have a GREAT day, neighbors!

  7. Godwin
    Author/

    @Mags:
    Yes, there’s all probability for Flame to have been sponsored by the two nations.
    Actually, it is the knowledge that Stuxnet was developed by US-Israel targeting Iran, that led analysts to the speculations of the origins of Flame.

    @Injeun:
    It’s actually still a very hot topic (it was first detected on 28 May 2012). Information about it has just started unravelling. ;)