Flame (malware)

Flame is a malicious program that was discovered in May 2012 by the security software manufacturer Kaspersky Labs, when it had already been used for attacks in computer networks.

Like the two malware programs Duqu and Stuxnet, it is classified as a serious threat to information security on the Internet, especially since its functionality and complexity are estimated to be even greater. Computers infected with Flame can be remotely controlled and spied on. For example, microphones, keyboards and displays connected to or integrated in the infected computer can be monitored. After infecting a system as a rootkit, Flame can spread to other systems on a local network or via a USB stick.

The software was mainly detected on computers in the Middle East and has been active since March 2010 at the latest; according to heise.de, it has been active since at least 2007. All government organizations were informed about the discovery by the International Telecommunication Union (ITU) so that countermeasures could be taken via CERTs, if necessary, to protect infrastructures. Initially, nothing was known about the origin of the malicious program. However, it is noteworthy that the malicious software has infected relatively few computers and that the infections apparently do not occur via the public Internet. Conventional security software cannot detect or prevent such attacks. Home users are usually not threatened by Flame.

Flame requires an unusually large amount of non-volatile data storage, approximately 20 megabytes. It combines different malware techniques (in particular backdoor, trojan and worm functionality) and constitutes an entire malware toolkit. Kaspersky has classified Flame as a worm under the name "Worm.Win32.Flame"; Avira lists Flame as a trojan under the name "TR/Flamer.A". The software was able to infect Windows XP, Vista and Windows 7 operating systems via the Windows Update feature. For this purpose, it used a fake code-signing certificate that was generated by an MD5 collision attack. To do this, Flame intercepts the Windows Update request from a computer and forwards it to an infiltrated computer. The unsuspecting user then installs the harmful component by hand. In the event of discovery by a heuristic scanner or a behavior analysis, Flame is also equipped with a self-destruct function, in which the infected hosts are instructed to erase the program themselves by means of an uninstall routine.

The experts who discovered Flame indicated governmental organizations as the author or authors of the software. According to sources of the Washington Post, Flame was jointly developed by the U.S. and Israel. Analysts from Kaspersky suspect an exchange with the authors of Stuxnet, given the similarity of parts of the code. A large number of servers and personnel are also said to be needed to control the Flame installations present in the wild and to receive and store the data they collect.

In July 2012, during the ongoing investigation of Flame, Gauss and Duqu, Kaspersky Labs discovered a further variant of Flame, which was named miniFlame. It is believed that miniFlame is spread via Flame or Gauss. Unlike Flame, it has infected only around fifty computers, but these are very important computers in Iran, Lebanon and Kuwait.
