New ‘Flame’ malware discovered

Posted at 06/01/12 6:39 PM

MANILA, Philippines – Security software firm Kaspersky Lab recently discovered new malware that is being used as a cyber weapon to attack certain countries.

Worm.Win32.Flame or “Flame” has the ability to steal data such as e-mails, audio recordings, photos, documents, messages and discussions from infected computers.

According to Kaspersky Lab, the captured information is sent to a network of command-and-control servers located in different parts of the world.

It added that Flame is much more sophisticated than the Duqu malware, which sneaks into computers by hiding in documents such as Microsoft Word files.

The new malware is described as having “worm-like” features, and “can replicate in a local network and on removable media if it is commanded by its master.”

Flame occupies about 20 megabytes of space, which Kaspersky Lab said is rather uncommon for malware that tries to avoid detection.

It copies radio recordings through an internal microphone, and can use Bluetooth to collect information about discoverable devices near the infected computer.

Kaspersky Lab said Flame has so far infected computers in seven Middle Eastern countries, namely Iran, Israel/Palestine, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

The company’s chief executive expert, Alexander Gostev, believes that the new malware may come from a nation-state that has relations with these countries.

“There doesn’t seem to be any visible pattern re the kind of organizations targeted by Flame. Victims range from individuals to certain state-related organizations or educational institutions. Of course, collecting information on the victims is difficult because of strict personal data collecting policies designed to protect the identity of our users,” Gostev said in a statement.

“The preliminary findings of the research, conducted upon an urgent request from ITU (International Telecommunication Union), confirm the highly targeted nature of this malicious program. One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals,” he added.