
Researchers Reveal New Details about Flame’s Malicious Capabilities

Security researchers have provided new information about the innovative approaches the sophisticated Flame malware used in its attacks on computers in the Middle East earlier this year. Analysis by researchers from Kaspersky Lab, Symantec, CERT-Bund/BSI, and the International Telecommunication Union’s Impact Alliance showed that Flame’s creators disguised the malware’s command-and-control servers as content publishing platforms that ran a fake content-management application. This allowed the servers to run without attracting attention because the setup resembled one that a news operation or blogger might use. The researchers say the Flame campaign started as early as 2006 and included the creation of at least three other pieces of malware that have yet to be discovered. The attack was also more widespread than previously believed and infected perhaps as many as 10,000 machines. Forensics revealed the names or code names of four of Flame’s developers. In May, Kaspersky Lab reported it had discovered the Flame virus—which it describes as part of an espionage toolkit—after the United Nations’ International Telecommunication Union requested help with computer infections targeting Iran’s oil ministry. Flame attacks carefully selected computers, steals data, and opens a backdoor to infected systems that the hacker can use to update the malware. Researchers say the malware is so complex that they might need a decade to analyze it. (Ars Technica) (Reuters) (Wired) (Kaspersky Lab Threatpost) (Computing Now NewsFeed – 29 May 2012)
