FLAME Virus - Massive Cyber Spy

[genesis11]

---

Stuxnet x20: Massive cyber spy virus 'Flame' hits Iran, Israel - YouTube

Russian cyber-security company Kaspersky Lab says the malware, codenamed Flame, is the largest and one of the most complex cyber-attacks ever discovered. It reports that the most severely affected computers are in Iran – but Israel, Syria and other countries across the Middle East have also been infected.

Stuxnet x20: Massive cyber spy virus 'Flame' hits Iran, Israel — RT

[b1 huck]

paminaw lang nako ba, murag ang nasa luyo ani kay ang mga ga develop rapud sa anti-virus... business is really a business

[genesis11]

Kaspersky: 'Flame' just the tip of the i... JPost - International

"It's not cyber war, it's cyber terrorism and I'm afraid it's just the beginning of the game ... I'm afraid it will be the end of the world as we know it," Kaspersky told reporters at a Tel Aviv University cyber security conference.

"I'm scared, believe me," he said.

.....

Security experts say Flame is one of the most sophisticated pieces of malicious software so far discovered. They are still investigating the virus, which they believe was released specifically to infect computers in Iran and across the Middle East.

Kaspersky named the United States, Britain, Israel, China, Russia and possibly India, Japan and Romania as countries with the ability to develop such software, but stopped short of saying which nation he thought was behind Flame....


http://www.geek.com/articles/news/ka...irus-20120531/

As the network security establishment continues to flail about in high alert after the discovery of the Flame malware, Kaspersky’s Vitaly Kamlyuk is talking details. Kaspersky recently revealed its research into Flame, which was first detected back in 2010. According to Kamlyuk, Kaspersky Labs came across Flame completely by accident.

Kaspersky had been asked by the UN’s International Telecommunications Union to investigate a totally different infection that was frying hard drives throughout the Middle East. That’s how Flame was uncovered, and it turned out to be substantially more interesting than what they were actually searching for.

Kamlyuk has reiterated that Flame is terribly complex for a piece of malware. The 20MB package is still being analyzed, but has been slow to reveal its secrets. The Stuxnet attack that damaged Iranian nuclear facilities last year was barebones by comparison, weighing in at just a few hundred kilobytes. Flame’s level of sophistication leads Kaspersky to assume it was built by government scientists, but no one knows which government.

Flame gathers a huge amount of data from infected systems, but it has been hard to sort out where it is all going. Dozens of control servers have been located, but the domains associated with them are registered with fake identities.

Fire steals hard drive contents, screenshots, and keystrokes. It can also use the system microphone and Bluetooth radio to suck in more data. Kamlyuk says the large volume of data being stolen is probably the limiting factor for Flame. To save on bandwidth, Flame may delete itself from systems that have been fully exploited. This is part of what made the infection hard to detect.

If Stuxnet was the opening salvo in a more intense cyberwar, Flame is a dagger in the back. We can expect more malware like this to turn up. Flame is probably yesterday’s cyber weapon, since it’s been floating around since 2010 at least. Whatever is out there now could be a much more dangerous animal.

[KlaytoN]

The Flame Virus: Your FAQs Answered | PCWorld

mao ni example sa cyber weapon initially intended to attack an entire cyber infrastructure of a country or nation, then for some unknown reason, the virus escaped into the wild and can affect anybody including the public in general. kuyaw pud diay ni pwede mu infect thru bluetooth..

Finder of 'Flame' Virus Tells Israel to "Stop Before It's Too Late" | Global Spin | TIME.com

[æRLO]

Careful mo sa inyong mga Windows update because it has tapped into security certificates for Microsoft's Terminal Server. Hijack nasad diay ang Windows Update nya naa pay signature sa Microsoft.

paminaw lang nako ba, murag ang nasa luyo ani kay ang mga ga develop rapud sa anti-virus... business is really a business

some experts believe its US made, particularly from the NSA. While some, like Kapersky has hinted that Israel is responsible.
from Symantec:

The security company noted: "One of the methods is to hijack clients performing Windows Update. Three Flamer apps are involved in delivering the rogue update: SNACK, MUNCH, and GADGET."

SNACK tended to sniff out NetBIOS requests on LANs and would then imitate a Web Proxy Auto-Discovery Protocol (WPAD) server and feed a rogue configuration file (wpad.dat) to the local network, thereby effectively hijacking it and forcing traffic to redirect to the malware-infected machine, Symantec said.

MUNCH - a web server within the Flame code - would then chow down on the redirected traffic, including matching URLs for Microsoft's Windows Update software.

The final part of the puzzle was GADGET, a module which Symantec said provided a binary signed by the dodgy Terminal Services certificate via the MUNCH web server that fooled the system into believing that it was the genuine article from Microsoft.

so far Middle-East ang concentration aning infection, pero naa sad instances gawas sa region.

[J.Abz]

this type of computer worm doesnt infect local workstation as virus has been localized and concentrated particularly in Iran's nuclear facilities....

it hijackthis the server and sends ping requests and uses the server as remote terminal to become a hosts to other servers thereby extracting the worm from one host and putting it on another... also... the remote hacker/s can inject and login to that remote terminal already. The infected servers now act as a slave to send binary bits and chunks of datas to the source of the virus

[voldemort]

Kuyawa gud diay ani.

[trax]

kuyaw kaau ni nga virus oi, pro sure ko ga buhat gyud ani mga anti virus company na, negosyo bya ni nila.

[J.Abz]

^^ no this isn't developed by any ordinary antivirus company bro...

at this ultra level hi-tech virus strain... no ordinary expert can accumulate/develop and trigger this massive virus itself.. it is a very very big virus, in size alone, it encompases tons and tons of gigabytes. Left alone it attaches to the massive core of the central network and hides there dormant until such time that the source sends another packet to activate it and sends vital info on the structure of the network that it had stick onto and at the same time, it controls any IPV4/5/6/ comports and listens intently on any bits /analogue datas it can amass.

This very smart heuristic virus is not just created by one person only.. some said that is very very technical and requires a team of computer geeks/geniuses to even design the first code of this virus. And this has been created long before already.. some says that it had been an incremental development and in stages and it started way way back 2007.

[genesis11]

Some says that Flame virus cost about $1.5 million to produce.. Obviously if so, funded by a government.

So? Hello Linux!