September 21, 2012

Flame cyber malware may have its siblings targeting Iran: study

Flame is linked to more malware

By CBR Staff Writer

The Flame virus, associated with a cyber warfare effort against Iran and in development since 2006, is believed to be related to three other malware programmes, according to a new analysis.

A report by Russian security firm Kaspersky Lab, prepared together with US-based Symantec, the German computer emergency response team (CERT-Bund) and the International Telecommunications Union, concludes that the virus that attacked 1,000 systems in March is one of at least four pieces of malware created by the same developers.

All of the participating organisations were given access to the command and control servers used by the Flame malware.

The report says that work on Flame began earlier than initially thought and that the platform has more components than previously known, some of which are not yet fully understood.

Kaspersky Lab chief security expert Alexander Gostev said it was difficult for the team to estimate the amount of data stolen by Flame, even after analysing its command and control servers.

"Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep," Gostev said.

"Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale."


As part of the investigation, the command and control (C&C) servers used by Flame's creators were examined in detail.

According to the report, at least one of the as yet unidentified Flame-related malware programmes is currently operating in the wild.

The analysis revealed that the C&C servers were disguised to resemble a common content management system, in order to conceal the true nature of the project from hosting providers and from anyone who happened to inspect them.

The firms also found that the servers could receive data from infected machines over four different protocols, only one of which was used to communicate with computers infected by Flame; the other three are assumed to serve the related, still unidentified malware.
