
Kaspersky finds three Flame-related malware threats

Firm warns at least one is still operating in the wild
Mon Sep 17 2012, 17:20

SECURITY OUTFIT Kaspersky Lab has discovered three malware threats related to the Flame spyware that it said use "sophisticated encryption methods".

Kaspersky claims that it uncovered the three new hostile programs while analysing a number of Command and Control (C&C) servers used by Flame's creators.

"Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines," the firm's statement read.

"The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame.

"It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild."

The discovery of the three programs indicates that Flame's Command and Control platform was being developed in 2006, four years earlier than first thought.

Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concern within the security industry over its advanced espionage capabilities.

The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by Kaspersky, IMPACT, CERT-Bund/BSI and Symantec.

"It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers," said Kaspersky's chief security expert, Alexander Gostev.

Following the discovery of the three new related programs, Kaspersky's chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.

"There are others and they aren't just other known malwares such as Stuxnet, Gauss or Duqu," he said. "They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns."

Kamluk added that it is "very possible" there are more than the three listed in Kaspersky's report.

"They started building RedProtocol, yet another 'language' for unknown malware. No known client types are using that one, which means that there is even more malware out there," he added. µ

