Tuesday, May 29, 2012

Flame espionage toolkit - Flamer malware the most sophisticated cyber weapon yet unleashed

Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes.

“It took us half-a-year to analyze Stuxnet,” he said. “This is 20-times more complicated. It will take us 10 years to fully understand everything.”

What should I do if I find an infection and am willing to contribute to your research by providing malware samples?

We would greatly appreciate it if you could contact us by e-mail at the previously created mailbox for Stuxnet/Duqu research: stopduqu@kaspersky.com.

Kaspersky estimates that Flame has infected about 1,000 machines.
kill module, named browse32,

We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.
Lua virtual machine
multiple versions of the malware being in the wild
authors of Flame had access to the same exploits as Stuxnet’s authors.
two modules designed for infecting USB sticks

Microsoft Security Bulletin MS10-033 - Critical
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

The printer vulnerability MS10-061 exploited by Stuxnet

Microsoft Security Bulletin MS10-061 - Critical
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
