A Small Look at FLAME, SKYWIPER


The security community's attention this week has been on the discovery of a new piece of malware, Flame. It is a cyber weapon from the same family as Stuxnet and Duqu. Flame is a backdoor with 3000 lines of code, making it too difficult to analyze. It is a backdoor, a Trojan with worm capabilities. It infects systems through the MS10-033 vulnerability, though this has not yet been confirmed. The post-infection phase is rather common: Flame sniffs network traffic, takes screenshots, records audio conversations and sends them to the command-and-control servers. The perpetrators of this complex software can upload further modules to improve its functionality. Another surprising feature is the capability to turn on Bluetooth, if present in the infected machine, allowing the discovery of other machines nearby. Flame's code is written in the Lua programming language and integrates compression libraries (zlib) and databases (sqlite3). Kaspersky Lab has a detailed analysis of the code here. According to the BBC, Israel has been pointed to as the source of the attack and later denied any involvement. Skywiper has been diagnosed by the University of Technology and Economics at Budapest as a hidden virus that was not like any others.
