The security community's attention this week has been on the discovery of a new piece of malware, Flame. It is a cyber weapon from the same family as Stuxnet and Duqu. Flame is a backdoor with 3000 lines of code, making it too difficult to be analyzed. It is a backdoor and a Trojan with worm capabilities. It infects systems through the MS10-033 vulnerability, though this has not yet been confirmed.

The post-infection phase is rather common: Flame sniffs the network traffic, takes screenshots, records audio conversations and sends them to the command-and-control servers. The perpetrators of this complex software can upload further modules to improve its functionality. Another surprising feature is the capability to turn on Bluetooth, if present in the infected machine, allowing the discovery of other machines nearby.

Flame's code has been written in the Lua programming language, integrating compression libraries (Zlib) and databases (sqlite3). Kaspersky Lab has a detailed analysis of the code here. According to the BBC, the source of the attack has been attributed to Israel, which later denied any involvement. Skywiper has been described by the University of Technology and Economics in Budapest as a hidden virus that was not like any other.
Published by Guy Ngongang on information security
I am an information security engineer with a strong background in network and cloud computing. I have done work with FTK Imager and enjoy improving my know-how in my spare time. My aim is to fight cybercriminals and help end users enjoy the Internet freely.