"Flame" Virus Freaking Out Cybersecurity Personnel Worldwide

A new cyberweapon has been dragged into the light, and it's a biggie.

Despite what the delightful narrator from Fallout has to say on the subject, war is indeed changing. Incursions into the territory of a sovereign state no longer necessitate the use of spies and armies; technology has taken the mantle, leaving behind traces of code in the places formerly occupied by whispers and manila envelopes. The sneakiest weapon in this new kind of war is the data-stealing virus, and the world's all up in arms about one in particular this week: Flame.

Flame is a nasty piece of work. After infiltrating a machine - which it can do by masquerading as a Windows Update packet or via other means - Flame has the capacity to raid the infected machine for data, keystrokes, and audio files. It takes screenshots every 60 seconds when the computer is running normally, or one every 15 seconds when the user has Outlook, email, or an instant messaging service open. It can infect microphones, collecting audio data from Skype calls and other computer-based chat services. It can even turn Bluetooth-enabled machines into beacons, using this platform to collect contact information from other Bluetooth devices in the vicinity.

All of this gathered information is stored by the virus and then sent off to the attackers' command-and-control servers for, one presumes, human investigation.

I know, right? Pretty serious stuff. So far as cybersecurity experts at Kaspersky Lab have been able to determine, Flame has been used primarily to infect computers in Iran, the Israeli Occupied Territories, Sudan, and Syria. Customers of cybersecurity firm Symantec have reported instances of Flame from Hungary to the United Arab Emirates, maintaining the malware's focus on Middle Eastern devices.

These facts, coupled with Flame's incredible scope and complexity, have led researchers to conclude that the virus is part of a state-run cyberwarfare operation, something akin to the Stuxnet and Duqu cyberattacks levelled at Iranian centrifuges by the United States in 2009-10.

"Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide," said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement on Flame. "The Flame malware looks to be another phase in this war, and it's important to understand that such cyber weapons can easily be used against any country."

So who set the Flame free, then? Two main teams have so far been pegged as the creators of the malware by various commentators: Team U.S./Israel, and Team China/Russia. While some analysts at Kaspersky believe the former to be responsible, cyberwarfare author Jeffrey Carr thinks the latter has more to do with it.

Regular Windows users will be pleased to hear that since the Windows Update exploit was discovered, Microsoft has started working on ways to close the gap. Meanwhile, the Iranian Computer Emergency Response Team posted on its blog this week that it has developed software capable of detecting and removing Flame from infected devices. It said that this software was distributed to select organizations at the beginning of May.

While it's pleasing that security steps are ostensibly being taken to protect users from Flame, full comprehension of the malware may be a long way off. "It took us half a year to analyze Stuxnet," said Alexander Gostev, chief security expert at Kaspersky Lab. "This is 20 times more complicated. It will take us 10 years to fully understand everything."

Expect to hear more about this particular cyberweapon as more analysts dissect it and learn its secrets. In the meantime, enjoy having an excuse (however brief) for distrusting Windows Updater. Or was I the only one?

Source: Wired

I will never be brave enough to use the internet again...

This takes flame wars to a whole new level.
Sorry I could not resist.

Hevva:
Expect to hear more about this particular cyberweapon as more analysts dissect it and learn its secrets. In the meantime, enjoy having an excuse (however brief) for distrusting Windows Updater. Or was I the only one?

Right as I read this, my Windows "You have new updates" box popped up.

Le sigh.

Anyways, this is scary. I hope Microsoft removes the updater loophole quickly.

Good thing I never update Windows, damn things always did it during gaming sessions.

Oh god! Windows installed some updates as I turned off my computer last night!

FFFFFFUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU-

imnotparanoid:
I will never be brave enough to use the internet again...

Basically, this. I'm damn near about to piss myself knowing that my machine can fucking catch it just by using Windows Update.

The fact that this thing can listen in on my Skype calls or my emails just makes me think "This is the PATRIOT Act all over again." As such, I'm slightly leaning toward the U.S. government having something to do with this. Also, it's been primarily infecting Middle Eastern systems. Coincidence? I think not.

Writing something that complicated without Microsoft giving access to its own systems to better hide the virus? I doubt it...

And who would possess the legal power to make Microsoft do that?

imnotparanoid:
I will never be brave enough to use the internet again...

Don't worry it has to be physically installed onto the server first, and I doubt Mossad has any interest in what porn sites you're visiting or your Max Payne 3 saves.

Grimh:
Oh god! Windows installed some updates as I turned off my computer last night!

FFFFFFUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU-

Oh noes, me too :(

I hate reading shit like this as I always get overly paranoid, especially as Windows installed an update last night O_o

Reminds me of this
http://www.youtube.com/watch?v=BmRpLLs7SNE
I still play that game.

My Windows updater is bothering me right now.

...great fucking timing.

I'm amazed Burger King hasn't stepped up with some sort of flame broiled product tie in.

That's really incredibly terrifying.
Well, time to go into panic mode and accept no updates from Microsoft.

imnotparanoid:
I will never be brave enough to use the internet again...

Your comment.

Your avatar.

Glorious!

Crap, my PC installed an update yesterday. Still, this virus sounds scary when it is used in the wrong hands or paranoid people who want to spy on me.

Now I'm glad I never update Windows on my laptop...

imnotparanoid:
I will never be brave enough to use the internet again...

Don't worry, the UK gov's got it covered. That's why I'm studying a uni course barely 2 years old.

Cybersecurity and Forensics - The Yin to the Cyber-Crime/Warfare/Terrorism Yang.

It's awesome. I get taught to comb over computers for malicious data, information and criminal activity, and counter-hack and stuff that I'd prefer not to go into detail.

When I graduate, I will make the internet and electronic infrastructure safe for you to use. HELL YEAH.

Currently, you can only get this virus if you plug in an infected USB flash storage device. Though that's not to say there aren't undiscovered variants floating around the internet.

Isn't it ironic how my old, slow PC freezes for a half-second at a time, every minute? Who knows why I would be infected, I'm a do-gooder with good morals!

We need to start punishing the people that actually do spy on us using stuff like this. For those of you who've already installed recent Windows updates, I recommend leaving some sort of vile, disgusting porn on that Yahtzee wouldn't even want to watch. Imagine, having to sit at a computer watching something like that for an entire work day. Make them pay for stuff like this >:D

Hevva:
maintaining the malware's focus on Middle Eastern devices.

So, the malware has mostly been on stuff in the Middle East?

If that's true, I'm not gonna worry very much.
Still, one can't help but worry a bit...

Wow, as terrible as this virus is, I can't help but feel amazed at the sheer scope and awesomeness of its capabilities.

Inside I'm saying "Wow, now THAT'S a virus."

Everyone who's afraid of using WU:

You can more or less relax. This hasn't been targeted at you yet and cannot spoof WU unless you are already compromised by something else, in many affected systems' cases an infected USB flash drive.

Microsoft has released an update to partially fix this problem, which may just be the update many of you saw "last night" or "while I was reading this". It's KB2718704. If you've got it, then you're probably OK until they come up with a more permanent solution.

TBH there's a lot of hyperbole in the OP. It has freaked out companies such as Kaspersky as they've only just been able to pick it up. And to those of you who don't do Windows updates, don't be stupid, as you generally are leaving more security gaps and exploits open for other attackers or malicious code to take advantage of, and in fact that's one of the ways I think Flame can spoof being an update, as the outdated update program's certificates (essentially confirmation that the program you're downloading is the one you've requested) may be wrong or out of date.
If you are scared about getting various baddies through a Windows update I'm fairly sure Windows has a database of the available updates, which may help you comb out some of the more obvious ones.

Hope that makes some people feel better, just be careful

Oh my god people. This was pretty obviously a successful attempt at spying on foreign governments. I really don't think they would waste the manpower to make a virus that complex to check up on your porn or gaming habits.

http://support.microsoft.com/kb/2718704

Guys, install KB2718704. You need it.

I read all Windows update descriptions and chose what to install. Yesterday an update popped up with "certificate unverifier" and along those lines and my thinking was "I don't want Microsoft to have its say about what certificates I trust, to hell with it" and so I avoided the virus :D

Dear person who goes through the screenshots that this virus collects,

If I did acquire this virus somehow (probably from the dodgy porn sites, between you and me), then I would like to inform you that I'm about to take you on the most wild internet ride of your life. If your boss catches you seeing this crap you'll very likely get fired. And if you happen to be a terrorist then, well, I assume being fired has a much more literal meaning. You will be shocked and appalled is what I'm getting at.

Let's get to it shall we?

I really, really don't think you need to be worried about a military-grade virus infecting your computer, guys.

Glad the only thing I ever use Windows for is Steam (and that I haven't had the updater on for months...)

Bond is out of a job it seems

So a virus that passes itself as a Windows update can be patched by installing a Windows update?

Do I update? Do I don't? Do I update? ...

I've always pretty much assumed that whatever email I write and whatever strange things I look for on a Google search--there is someone and probably multiple people that have access to it, if they were in a mind to read it.

For most of us, they are going to be searching for key words to send us the right advertisements. If other than that you mostly obey the law, nobody is going to care about what you write or what you say. Just be mindful around online banking.

The obvious defense against this is to just leave your computer on when you sleep, with lemonparty open on your browser. Full screen.

Imagine being the guy who would have to go through all 8-12 hours of that. If you open an IM in the background, that's 4x60x8= 1920 screenshots. They'd probably get to about 12 and skip to #200, skip to #1000, and then just quit their job.
