updated 03:51 pm EDT, Tue May 29, 2012
Complex data vacuum likely government-backed
Russian security firm Kaspersky has uncovered a massive malware attack, referred to as Flame, that is believed to have gathered sensitive data from a wide array of countries, including Israel and Iran. The malware is said to be modular and expandable in a manner reminiscent of a smartphone app library. The BBC reports that the complexity of the malware has led experts to believe that it could only have been developed with the assistance of a government entity.
Kaspersky researchers were investigating another malware threat, known as Wiper, in conjunction with the UN's International Telecommunication Union. In a scan of affected systems, the researchers ran across the Flame malware, and they now believe that it has been active since at least August of 2010.
Unlike other malware, Flame doesn't seek to cause physical damage or to steal money from bank accounts. Instead, the program logs just about everything possible on an infected system. Once present, it sniffs network traffic, takes screenshots, records audio conversations, logs keystrokes, and so on. The program's code is about 20MB in size, and researchers expect it will take years to analyze.
Flame was found to be present on more than 600 computers, ranging from individuals to academic institutions and businesses to government systems. Countries affected by the malware included Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, Egypt, and others. Experts say the specificity of the geographic targeting of the malware, as well as the complexity of its design, lends further credence to the notion that the attack was developed with government assistance.
Kaspersky has yet to release any detailed information on dealing with a Flame infection, though it seems likely that the malware is limited to specific targets, and it may not pose much of a wider threat. In the past, other malware, such as Duqu, has infiltrated networks in order to steal data, but none are said to have displayed the level of sophistication seen in the Flame code.