Security experts have discovered a new data-stealing virus dubbed "Flame" they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.
Powerful "Flame" cyber weapon found in Middle East - Technology & science - Security - msnbc.com
Thanks, I was just going to post this as well. A different article by the same writer. http://finance.yahoo.com/news/powerf...135931201.html
The researchers say they don’t know yet how an initial infection of Flame occurs on a machine before it starts spreading. The malware has the ability to infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit in the code that the researchers have not yet found. Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies.
Source: Wired
edit - thanks for moving my post to this thread - I did a forum search but failed to find mention of the story.
...still on vacation, but with all the rain, I've had some reading time. Biggest point of this is; between Flame and Stuxnet both being, what, 5 years old...
You gotta wonder, what's been planted since?
Great reading.
UPDATED: Cyber Espionage Reaches New Levels with Flamer
Removal Tool in link
Source
Download the 32-bit or the 64-bit removal tools and find out if you’re infected with Flamer, the world’s most discreet and dangerous piece of malware ever. If you are already protected by a Bitdefender security solution, you do not need to run the removal tool.
Update 2: As we’re digging into Flamer.A, new details about the piece’s modus operandi surface. The team working on it have uncovered that several components use an internal list called NetworkTypeIdentifier. This list references high-profile web sites such as *.overture.*, *.gmail.*, *.hotmail.*, *.bbc.co.*, *.bbc.co.* that are probed in order to get information about the bandwidth capabilities of the connection. However, the list also references three Iranian websites (*.baztab.*, *.maktoob.*, *.gawab.*), which confirms once again that Iran was one of the designated targets.
Closer inspection of the EUPHORIA module revealed that it controls the spreading mechanism via USB sticks. The USB spreading capabilities are reinforced with a secondary component called AUTORUN_INFECTOR that is being used to exploit the operating system’s Autorun feature.
[fragment of the configuration file for the EUPHORIA module]
EUPHORIA.PayloadNamesList.1.data.PayloadName string Lss.ocx
EUPHORIA.PayloadNamesList.2.data.PayloadName string System32.dat
EUPHORIA.PayloadNamesList.3.data.PayloadName string NtVolume.dat
Everything You Need to Know About Flamer.A – World’s Most Sophisticated Cyber-Weapon
Source
In 2010, the world stopped spinning for a moment, as evidence of a highly complex piece of malware hitting a nuclear research facility in Iran started to emerge. Two years later, the discovery of another e-threat shows that the team behind Stuxnet and Duqu had another offspring that was even more complex and persistent.
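An added example, not part of the thread or of the quoted Bitdefender write-up: a defender-side check that parses the EUPHORIA configuration fragment quoted above and looks for the listed payload file names on a mounted removable volume. The whitespace-separated "key type value" line layout, the function names and the sample volume are assumptions made for this illustration.

```python
import os
import re
import tempfile

# The three configuration lines quoted in the thread, verbatim.
CONFIG_FRAGMENT = """\
EUPHORIA.PayloadNamesList.1.data.PayloadName string Lss.ocx
EUPHORIA.PayloadNamesList.2.data.PayloadName string System32.dat
EUPHORIA.PayloadNamesList.3.data.PayloadName string NtVolume.dat
"""

# Assumed line layout: dotted key, value type, value, separated by whitespace.
ENTRY_RE = re.compile(r"^(\w+)\.PayloadNamesList\.(\d+)\.data\.PayloadName"
                      r"\s+string\s+(\S.*?)\s*$")


def payload_names(config_text, module="EUPHORIA"):
    """Return the module's PayloadName values, ordered by list index."""
    found = []
    for line in config_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1) == module:
            found.append((int(m.group(2)), m.group(3)))
    return [name for _, name in sorted(found)]


def scan_volume(root, names):
    """Return relative paths of files whose name matches, case-insensitively."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:
                hits.append(os.path.relpath(os.path.join(dirpath, fname), root))
    return sorted(hits)


def demo():
    """Scan a constructed sample volume: two benign files, two name matches."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        for rel in ("readme.txt", "LSS.OCX", "docs/report.doc", "docs/ntvolume.dat"):
            open(os.path.join(root, rel), "w").close()
        return scan_volume(root, payload_names(CONFIG_FRAGMENT))


if __name__ == "__main__":
    print(demo())
```

A file-name match is only a lead for further inspection; names such as System32.dat are generic enough to occur on clean media.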
A Guy
Computer virus briefly hits Iran's oil industry
TEHRAN, Iran (AP) — Iran's key oil industry was briefly affected by the powerful computer virus known as "Flame" that has unprecedented data-snatching capabilities and can eavesdrop on computer users, a senior Iranian military official said Wednesday.
Computer virus briefly hits Iran's oil industry - Yahoo! News
Brilliant, such a dangerous weapon it sat on computers for 5+ years doing nothing, not even alerting anyone to its potential existence. Flame? No, damp squib.