The Inquirer-Home

Researchers discover a mini Flame malware tool

Kaspersky Lab finds more Flame malware
Tue Oct 16 2012, 10:32
A bonfire

SECURITY OUTFIT Kaspersky Lab has discovered another Flame related malware module thought to have been actively targeting governments and critical infrastructure industries.

The IT security company reported discovering the new Flame variant, codenamed "mini Flame", while analysing a number of command and control servers used by Flame's creators on Monday.

Kaspersky Lab warned that despite being far smaller than Flame and targeting only a handful of networks, the mini Flame malware is still dangerous.

"The SPE malware, which we call 'miniFlame', is a small, fully functional espionage module designed for data theft and direct access to infected systems," wrote a Kaspersky Lab researcher.

"If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high-precision, surgical attack tool."

Mini Flame is reportedly doubly dangerous as it can work as a module of the larger Flame and Gauss Trojans or as a standalone cyber espionage tool in its own right.

"MiniFlame is in fact based on the Flame platform, but is implemented as an independent module. It can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame," the Kaspersky Lab researcher wrote.

Kaspersky went on to cite the discovery of miniFlame as further proof that the authors of Flame are still active and creating new malware.

"The discovery of miniFlame, which works with both these espionage projects, proves that we were right when we concluded that they had come out of the same 'cyber-weapon factory'," read the Kaspersky blog post.

"We believe that the developers of miniFlame created dozens of different modifications of the program. At this time, we have only found six of these, dated 2010-11."

Kaspersky clarified that despite being related, mini Flame's target list is radically different to the main Flame malware's.

"Unlike Flame, where the vast majority of incidents were recorded in Iran and Sudan, and unlike Gauss, which was mostly present in Lebanon, SPE [miniFlame] does not have a clear geographical bias," wrote a Kaspersky researcher.

Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.

The full scale of Flame and its overarching implications remain unknown, despite the ongoing joint research campaign being mounted by several security vendors including Kaspersky and Symantec.

"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," Kaspersky added.

"Their true and full purpose remains obscure and the identities of the victims and attackers remain unknown."

Since being uncovered the existence of threats like Flame has been used as evidence that governments and businesses must change their attitude towards cyber security.

Most recently, RSA executive chairman Arthur Coviello highlighted the malware's existence as proof that businesses must begin adopting an intelligence-based, rather than perimeter-based, defence strategy. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015