Powerful "Flame" cyber weapon found in Middle East

Britton30 · 28 May 2012

Thanks, I was just going to post this as well. A different article by the same writer. http://finance.yahoo.com/news/powerf...135931201.html

A Guy · 28 May 2012

Researchers Identify Stuxnet-like Cyberespionage Malware Called 'Flame' | PCWorld

A Guy

UsernameIssues · 29 May 2012

The researchers say they don’t know yet how an initial infection of Flame occurs on a machine before it starts spreading. The malware has the ability to infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit in the code that the researchers have not yet found.

Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies.

Source: Wired

edit - thanks for moving my post to this thread - I did a forum search but failed to find mention of the story.

James7679 · 29 May 2012

...still on vacation, but with all the rain, I've had some reading time. Biggest point of this is; between Flame and Stuxnet both being, what, 5 years old...
You gotta wonder, what's been planted since?

Great reading.

A Guy · 29 May 2012

UPDATED: Cyber Espionage Reaches New Levels with Flamer

Removal Tool in link

Download the 32-bit or
the
64-bit
removal
tools and find out if you’re infected with Flamer, the world’s
most discrete and dangerous piece of malware ever. If you are already protected by a Bitdefender security solution, you do not need to run the removal tool.

Update 2: As we’re digging into Flamer.A, new details about the piece’s modus operandi surface. The team working on it have uncovered that several components use an internal list called NetworkTypeIdentifier. This list references high-profile web sites such as *.overture.* , *.gmail.*, *.hotmail.* , *.bbc.co.* , *.bbc.co.* that are probed in order to get information about the bandwidth capabilities of the connection. However, the list also references three Iranian websites (*.baztab.* , *.maktoob.* , *.gawab.*) , which confirms once again that Iran was one of the designated targets.

Closer inspection of the EUPHORIA module revealed that it controls the spreading mechanism via USB sticks. The USB spreading capabilities are re-enforced with a secondary component called AUTORUN_INFECTOR that is being used to exploit the operating system’s Autorun feature.
[fragment of the configuration file for the EUPHORIA module]
EUPHORIA.PayloadNamesList.1.data.PayloadName string Lss.ocx
EUPHORIA.PayloadNamesList.2.data.PayloadName string System32.dat
EUPHORIA.PayloadNamesList.3.data.PayloadName string NtVolume.dat

Source

Everything You Need to Know About Flamer.A – World’s Most Sophisticated Cyber-Weapon

In 2010, the world stopped spinning for a moment, as evidence of a highly complex piece of malware hitting a nuclear research facility in Iran started to emerge. Two years later, the discovery of another e-threat shows that the team behind Stuxnet and Duqu had another offspring that was even more complex and persistent.

Source

A Guy

jeepmann4x4 · 30 May 2012

Is Israel behind the Flame cyber-attack? - Yahoo! News

Britton30 · 30 May 2012

And yet another... http://us.norton.com/flamer-highly-s...break_a_nam_us

Hanna 1 · 30 May 2012

Computer virus briefly hits Iran's oil industry

TEHRAN, Iran (AP) — Iran's key oil industry was briefly affected by the powerful computer virus known as "Flame" that has unprecedented data-snatching capabilities and can eavesdrop on computer users, a senior Iranian military official said Wednesday.

Computer virus briefly hits Iran's oil industry - Yahoo! News

cyclic · 30 May 2012

Brilliant, such a dangerous weapon it sat on computers for 5+ years doing nothing, not even alerting anyone to it's potential existance. Flame? no, damp squibb.

Powerful "Flame" cyber weapon found in Middle East

Powerful "Flame" cyber weapon found in Middle East

Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers