Disastrous MiniFlame: A New Version of Flame Virus

Security researchers have discovered a new virus with ties to the Flame and Gauss malware. According to kaspersky Lab, its recent discovery has "several similarities to Flame," encouraging researchers to imitate it miniFlame/SPE.

Though MiniFlame is based on the Flame platform, it can be implemented as an independent module. According to Kaspersky claims in a blog, MiniFlame can function either solely without the need of main modules in the system, or as a part controlled by Flame.

Kaspersky also announced that though MiniFlame was originally created in July 2012, it was apparently been under development since many years.

It's quite fascinating that six variants of the new virus have already been discovered and still there is a fair chance that many more would be still there. Till now, the rate of infection is also quite meager in comparison to Gauss and Flame. An estimated 50-60 computers across the world seems to be infected with MiniFlame, with most of them being found in Lebanon.

This probably hints at most well sorted out an attack with a highly targeted tool MiniFlame, as it might be implemented with a specific focus towards attacking specific targets to result in specific affect, as noted on a blog posted on Securelist.

MiniFlame is employed as a backdoor to retrieve any file or create screenshots from an infected machine while the computer is running a Web browser, Office application, Adobe Reader, instant messenger service or FTP client, claimed Kaspersky. The collected information is then stolen either on a command-and-control server, or one of the Flame C&Cs. However, the malware can also infect a machine via another module, which attacks the USB drivers, by using them to store data if a machine is running offline.

The discovery of MiniFlame not only reinforces the theory of a connection between the teams that developed Gauss and Flame, but it also shows that the cybercriminals might have planned out their operations to take place in waves.

Kaspersky researchers concluded that the malware were implanted with a mission to firstly infect a targeted mission, collect information from the specific computers and find the most interesting targets. Finally, a specialized spy tool, such as SPE/miniFlame is deployed to conduct surveillance/monitoring towards these selected targets.

Related article: Digital Criminals Hone Their phishing Skills

» SPAMfighter News - 10/24/2012