Quick guide to Flame malware attack

29 May 2012

The security industry has been alight with the news of the Flame malware attack on Iranian IT systems, which represents a significant advancement on the Stuxnet and Duqu attacks from the last two years.

Some security experts have claimed the Flame malware "redefines the notion of cyberwar and cyber-espionage" given its complexity and capabilities.

With so much information and conjecture circling around the development, V3 aims to answer some of the key questions being asked about the newly discovered cyber weapon.

Who's behind it?
No security vendor has pointed out a single country or group as being responsible for Flame's creation.

The central matter of contention at the moment is whether the malware was made by a private group or a nation state.

Kaspersky Labs chief security expert Aleks Gostev reported in his opening blog post that he believes current evidence indicates a nation state was at the very least involved in funding Flame's creation.

"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group," he said.

"In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."

The only clue highlighting a specific country came from Israel's vice prime minister Moshe Ya'alon, who hinted the nation may have been involved in the attack.

[Image: Flame attack regions affected in the Middle East, courtesy of Kaspersky Labs]

Information from Kaspersky shows that Israel itself appears to have been hit by the malware (pictured above), but this could well be blowback from its own attack: Flame can be passed on by something as simple as a USB stick, so it could easily cross into other systems.

How does it work?
Flame appears far more advanced than Stuxnet and Duqu as it's a combination of different attack factors.

"It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media [such as USBs] if it is commanded so by its master," wrote Gostev.

Gostev has admitted, though, that Kaspersky are still a long way from uncovering all its secrets, and the file is a whopping 20MB in size.

"It took us several months to analyse the 500K code of Stuxnet. It will probably take years to fully understand the 20MB of code of Flame," he said.

Alastair Stevenson
Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.