View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 16, 2012

Researchers discover new Flame-linked malware

The new malware, dubbed miniFlame, is a small, fully functional espionage module

By CBR Staff Writer

Security researchers at Kaspersky Lab have discovered a new malware which is based on the same architectural platform as Flame discovered in May this year to steal data from targets across the Middle East.

The new malware, dubbed miniFlame, is a small, fully functional espionage module designed for data theft and direct access to infected systems.

MiniFlame, also known as SPE, can function as its own independent cyber espionage programme or as a component inside both Flame and Gauss.

MiniFlame infections were found mostly in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

Kaspersky Lab discovered six different variations of miniFlame, all dating back to 2010-2011 and the miniFlame might have started as early as 2007, the researchers said.

Kaspersky Lab researchers said that if Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high precision, surgical attack tool.

According to researchers, it has been assumed that Flame and Gauss were parallel projects that did not have any modules or C&C servers in common.

Content from our partners
Five key challenges facing the fashion industry
<strong>How to get the best of both worlds in the hybrid cloud</strong>
The key to good corporate cybersecurity is defence in depth

Kaspersky said that the discovery of miniFlame, which works with both these espionage projects, proves that we were right when we concluded that they had come out of the same cyber-weapon factory.

Kaspersky chief security expert Alexander Gostev said that miniFlame is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack.

First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information," Gostev said.

"After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage."

In September this year, a report found that the Flame virus which is associated with a cyber warfare effort against Iran, developed in 2006, was considered to be linked to about three other malware programmes.

The researchers also expect that there could be a collaboration between the development teams of both Flame and Gauss as miniFlame has an ability to be used as a plug-in by either Flame or Gauss.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.