Behind the ‘Flame’ malware spying on Mideast computers (FAQ)

Thu, May 31, 2012 - 01:55am






The Flame worm that has targeted computers in the Middle East is being called "the most sophisticated cyberweapon yet unleashed" by Kaspersky Lab researchers who discovered it. Lurking on computers for at least five years, the malware has the ability to steal data, eavesdrop on conversations, and take screen captures of instant message exchanges, making it dangerous to any victim. But a possible link to malware found on computers in Iran’s oil sector has experts saying it’s got to be the work of a nation-state. CNET talked with Roel Schouwenberg, senior researcher at Kaspersky, the company that uncovered the malware, to find out who is behind it and how dangerous it really is.

What is Flame?

Flame is a sophisticated attack toolkit that leaves a backdoor, or Trojan, on computers and can propagate itself through a local network, like a computer worm does. Kaspersky Lab suspects it may use a critical Windows vulnerability, but that has not been confirmed, according to a Kaspersky blog post. Flame can sniff network traffic, take screenshots, record audio conversations, log keystrokes, gather information about discoverable Bluetooth devices nearby, and turn the infected computer into a discoverable Bluetooth device.


The attackers can upload additional modules for further functionality. About 20 modules have been discovered so far, and researchers are looking into what they all do. The package of modules comprises nearly 20 megabytes, over 3,000 lines of code, and includes libraries for compression, database manipulation, multiple methods of encryption, and batch scripting. The malware is named after one of the main modules, which is responsible for attacking and infecting additional computers. There are multiple versions circulating, which are communicating with as many as 80 different command-and-control servers. Kaspersky has an updated technical analysis here and McAfee’s technical blog post is here. This report on the malware, from the Laboratory of Cryptography and System Security (CrySyS Lab) at Budapest University of Technology and Economics, refers to the threat as "sKyWIper."

"Flame is very modular. Basically a target will get infected with the main component and then the attackers will only upload modules to the target as they see fit," Schouwenberg said. "We assume that we don’t have all the modules that exist in the wild."


How does it spread?

Flame spreads within a network via a USB thumb drive, network shares, or a shared printer spool vulnerability, but spreads only when instructed to do so by the attackers. It’s unclear what the initial point of entry is. "We expect to find a spear phishing e-mail with a Zero-Day exploit," Schouwenberg said.

How long has Flame been around?

"We have the first confirmed report of Flame in the wild in 2010, but there is circumstantial evidence that dates it back to 2007 and some speculate it may go back further than that," Schouwenberg said. Kaspersky Lab researchers discovered the malware several weeks ago after being asked by the United Nations’ International Telecommunication Union for help in uncovering malware dubbed "Wiper" that was stealing and deleting sensitive information on computers in Iran’s oil sector.

How does Flame relate to Wiper?

"Wiper could be a Flame module that is uploaded to a target machine when the attackers want to wipe the data from the computer. There is no evidence to link the two together, but the timing is coincidental," Schouwenberg said. "So, we have an open mind to Wiper being a Flame plug-in."


Iran’s National Computer Emergency Response Team (CERT), which is called "Maher," said software to detect Flame was sent to companies in that country at the beginning of May and a removal tool is ready now. Recent incidents of mass data loss in Iran "could be the outcome of some installed module of this threat," the center said, speculating that attacks in which data was lost from Iran’s gas company computers may have been linked to Flame. Officials in Iran suspect that Wiper and Flame are somehow linked, the Associated Press reports.

Why wasn’t Flame discovered earlier?

Whoever created Flame took extreme efforts to write the code so that it would evade detection for as long as possible. "Clearly it’s another multimillion-dollar project with government funding, so one of the top priorities has been stealth," Schouwenberg said. While a later variant of Stuxnet was detected because it spread aggressively, Flame only spreads after it is instructed to do so remotely. Flame is unusually large in size and uses an uncommon scripting language, Lua, so it doesn’t look malicious at first glance. "Flame authors have adopted the concept of hiding in plain sight," he said. Because Flame doesn’t use a rootkit technology, free anti-rootkit tools won’t be able to detect it. "Finding it is going to be more complicated," according to Schouwenberg.


A French journalist freed by leftist rebels Wednesday said he had no complaints about his captivity other than its 33-day duration and lamented that Colombia’s war is an "invisible conflict" where the poor kill the poor.

Romeo Langlois said he was not embittered, but he criticized the rebels for using his capture for propaganda purposes. They freed him on their movement’s 48th anniversary on a specially built stage, hanging pro-peace banners in this remote southern hamlet and organizing a barbecue.

But the rebels and the roughly 2,000 people they convened for the handover to a humanitarian commission coordinated by the International Red Cross applauded vigorously when Langlois said he appreciated how the guerrillas "live in the mud and risk their lives."

"They never tied me up," Langlois, 35, said of his Revolutionary Armed Forces of Colombia captors. "Rather, they always treated me as a guest. They gave me good food … They were always respectful."

Langlois looked relaxed and smiled, appearing unbothered by the wound to his left arm suffered during an April 28 attack by rebels on soldiers he was accompanying on a mission to destroy cocaine laboratories.


"I didn’t need this experience to know the Colombian conflict or to know the rebels. I’ve been in this a long time," Langlois said when asked what he took away from his captivity, which occurred just a few miles away. "What I take from it is the conviction that one must continue covering this conflict."

He has been reporting on it for more than a decade for France24 television and the newspaper Le Figaro.

It was not immediately known if Langlois, a bachelor, would fly to France to be reunited with his parents.

The FARC, as the rebels are known by their Spanish initials, sent a letter with him for France’s new Socialist president, Francois Hollande.

Langlois made no apologies for accompanying the military. The rebels had criticized him in an early May communique as lending himself to government propaganda by doing so.

"I hope the army doesn’t stop taking people to conflict zones, and let’s hope the rebels also take journalists with them to show the daily life of their combatants because this conflict isn’t being covered," Langlois said.


Three soldiers and a police officer were killed in the morning-long firefight that saw Langlois captured. A guerrilla commander, Calacho Mendoza, said Langlois was lucky because an AK-47 bullet entered the reporter’s left arm above the elbow and exited the forearm without damaging bone or cartilage.

Langlois said he watched a sergeant die, just a meter away, during the battle.

Before fleeing toward the rebels, the journalist shed the helmet and body armor that the military had provided. Mendoza said insurgents initially thought, because of the military garb, that Langlois could be a U.S. or Israeli military fighter.

Mendoza publicly apologized Wednesday that the FARC initially referred to the Frenchman in a communique as "a prisoner of war."

The delegation that received Langlois included French diplomat Jean-Baptiste Chauvin, former Colombian Sen. Piedad Cordoba and the Red Cross country chief, Jordi Raich. It arrived on rutted dirt roads from the state capital of Florencia in Red Cross vehicles and lunched with the rebels and Langlois on chicken and rice after the handover ceremony.


The group left shortly before nightfall, its departure slightly delayed as Langlois awaited a backpack including the diary he kept while captive.

Residents of San Isidro, which lacks running water and electricity and lives off cattle and coca, slaughtered six calves for the occasion, and rebel commanders gave brief speeches, expressing their desire for peace.

Langlois, who recorded the events with a small video camera, said in a brief speech from the stage that he lamented "we are at a point at which this conflict has become invisible."

It is a war in which there are "neither good nor bad," and in which "the poor are killing the poor," he said.

Before the handover, a public address system played FARC revolutionary songs as farmers converged on the hamlet. Theirs is a region of deep jungles, fast-moving rivers and villages that appear on no maps.

Communal leaders complained of the state’s absence: the lack of health care and poor roads that prevent them from getting their crops to market.

Langlois won applause when he said he understood why locals "cultivate their little bit of coca so they can buy bread and notebooks for their children."

Political analyst Alejandro Vargas called Wednesday’s event remarkable because Colombians see the FARC so rarely these days, the U.S.-backed military having increasingly driven the rebels into the country’s backwaters and across the border into Venezuela and Ecuador.



