A Brand New Malware “Flame” Recognized by Kaspersky
Researchers at Kaspersky Lab disclosed a huge cyber threat called Flame that is targeting Middle Eastern and African countries, including Iran, Syria, and Saudi Arabia. The malware is being described as the most sophisticated cyber weapon yet unleashed.
Kaspersky's analysis of the malware revealed that it is an attack toolkit: it is a backdoor and a Trojan, and it has worm-like features that permit it to replicate in a local network and on removable media if it is commanded to do so.
However, the entry point and method are uncertain. Once the malware has entered a network, it starts sniffing network traffic and can perform other activities such as taking screenshots, recording audio conversations and intercepting the keyboard.
Interestingly, Flame is much bigger than Duqu and Stuxnet, which at around 500KB in size were already considered huge by security experts.
Vitaly Kamluk, Chief Malware Expert at Kaspersky Lab, said that all Flame components collectively add up to over 20 MB, and one file in particular measures around 6 MB alone, as published by pcworld.com on May 29, 2012.
The reason Flame is the biggest is that it contains lots of different libraries, e.g. for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine, Kamluk said, as published by pcmag.com on May 28, 2012. Lua is a programming language that is rarely found in malware.
A security expert, Alexander Gostev, said that modern malware is generally small and written in compact programming languages, which helps it stay hidden, as published by pcmag.com on May 28, 2012. The practice of concealment via a large amount of code is one of the specific new features in Flame, Gostev explained.
The finger of suspicion for Stuxnet was directed at many suspects, including U.S. and Israeli intelligence agencies. Mr. Kamluk said that there is no proof to blame anyone for Flame, and that it was pure assumption to attribute blame, reported wsj.com on May 28, 2012. "A lot of text strings we have been able to extract are written in very good English, but that does not tell us very much," he concluded.
» SPAMfighter News - 05-06-2012