Saturday, September 22, 2012

Blog Entry #5: Updates on Flame and Stuxnet


First things first: there have been a few more developments in the Flame malware saga.  Kim Zetter reveals that Flame was in development, and may have been active, much longer than previously thought.  According to clues left on the C&C servers analyzed by Kaspersky and Symantec, development of the code can be traced back to 2006.  The researchers looking at this malware also believe that about 10,000 machines have been infected with Flame.  In addition to these new details, a timeline (image below) has been created that shows the activity of four of the suspected programmers.  It includes the programmers' nicknames, communication logs, target logs, and other information.  Besides Iran, 15 other countries have machines that have been infected.  Though most of those countries account for only a few infections each, Sudan has about 1/3 as many infections as Iran.  One of the juiciest tidbits to come out recently is that about 5.5 GB of stolen data was left on the C&C servers.  The researchers have not released any information on what this data is, but I am sure that anyone interested in this topic would love a look at what these hackers were collecting.


In news related to the Flame family, cyber criminals have begun copying techniques from the new pieces of sophisticated malware such as Stuxnet.  Stuxnet, the worm that targeted Iran's uranium enrichment facilities, installed its own device drivers signed with code-signing certificates stolen from Taiwanese hardware firms, so that Windows and security software accepted them as legitimate vendor drivers.  Criminals are now employing the same technique to fool consumer security software and steal passwords, account information and credit card numbers.  In Tom Simonite's article, Roel Schouwenberg, a researcher with Kaspersky, talks about another technique that may become popular with less skilled criminal hackers.  His concern is that these hackers will begin copying the modular design of Flame.  That design lets the malware operators upgrade or swap out parts to suit their needs for a particular attack.  He thinks this kind of malware will also be profitable to those who write the malicious code, saying, "It provides an up-sell opportunity for these guys if they can sell something, and then offer upgrade kits to improve it later."  Ultimately, this type of changing malware will be harder for security companies to defend against.
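The practical lesson of the stolen-certificate trick is that a signature which verifies is not evidence that a driver is benign: once a vendor's signing key has leaked, the certificate itself has to be treated as an indicator, and the countersignature timestamp decides whether the CA's later revocation would even have caught the file.  The following is an added example (not code from the original post or from any of the researchers mentioned) of how a defender might triage a driver inventory against a list of known-abused certificates.  The inventory records, vendor names, thumbprints and revocation dates are all constructed placeholders, not real values.

```python
"""Triage signed kernel drivers against a list of known-stolen code-signing certificates.

Added example, not part of the original post.  Every thumbprint, vendor name, path
and date below is a constructed placeholder used only to exercise the logic.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed: certificates a defender believes were stolen from legitimate vendors
# and later revoked by the issuing CA.  Keys are SHA-1 thumbprints (placeholders).
ABUSED_CERTS = {
    "11" * 20: {"subject": "Example Hardware Vendor A", "revoked_on": date(2010, 7, 17)},
    "22" * 20: {"subject": "Example Hardware Vendor B", "revoked_on": date(2010, 7, 22)},
}


@dataclass
class DriverRecord:
    """One inventory entry, as an endpoint agent might report it."""
    path: str
    signer_subject: str          # subject CN of the leaf signing certificate ("" if unsigned)
    signer_thumbprint: str       # SHA-1 thumbprint of that certificate ("" if unsigned)
    signed_on: Optional[date]    # date from the countersignature timestamp, if any
    chain_valid: bool            # what the platform's signature verifier reported


def triage(rec: DriverRecord) -> tuple[str, list[str]]:
    """Return (severity, reasons) for one driver record."""
    if not rec.signer_thumbprint:
        return ("medium", ["unsigned kernel driver"])

    abused = ABUSED_CERTS.get(rec.signer_thumbprint.upper())
    if abused is None:
        if not rec.chain_valid:
            return ("medium", ["signature chain does not verify"])
        return ("info", ["signature verifies; signer not on the abused-certificate list"])

    # From here on the signer is a known-stolen certificate: high severity no matter
    # what the chain verifier said, because a valid signature is exactly the point.
    reasons = [f"signed with stolen certificate of {abused['subject']}"]

    if rec.signed_on is None:
        reasons.append("no countersignature timestamp: cannot tell when it was signed")
    elif rec.signed_on >= abused["revoked_on"]:
        reasons.append("signed on or after the revocation date")
        if rec.chain_valid:
            # The verifier should have rejected this; it is most likely not
            # checking revocation (offline, cached, or disabled).
            reasons.append("verifier accepted a post-revocation signature: "
                           "revocation checking is not working")
    else:
        reasons.append("signed before revocation: a timestamped signature still chains, "
                       "so revocation alone will not block this file")

    return ("high", reasons)


def triage_inventory(records: list[DriverRecord]) -> dict[str, tuple[str, list[str]]]:
    """Triage every record; keyed by path so results can be joined back to the host."""
    return {rec.path: triage(rec) for rec in records}


# Constructed sample inventory covering each branch of the logic.
SAMPLE_INVENTORY = [
    DriverRecord(r"C:\Windows\System32\drivers\vendor_a.sys", "Example Hardware Vendor A",
                 "33" * 20, date(2011, 3, 1), True),
    DriverRecord(r"C:\Windows\System32\drivers\pre_revoke.sys", "Example Hardware Vendor A",
                 "11" * 20, date(2010, 1, 25), True),
    DriverRecord(r"C:\Windows\System32\drivers\post_revoke.sys", "Example Hardware Vendor B",
                 "22" * 20, date(2010, 9, 1), True),
    DriverRecord(r"C:\Windows\System32\drivers\no_timestamp.sys", "Example Hardware Vendor B",
                 "22" * 20, None, False),
    DriverRecord(r"C:\Windows\System32\drivers\unsigned.sys", "", "", None, False),
]


if __name__ == "__main__":
    for path, (severity, reasons) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"[{severity:6}] {path}")
        for reason in reasons:
            print(f"         - {reason}")
```

The "signed before revocation" branch is the one worth remembering: a countersigned signature made while the certificate was still good continues to chain after revocation, so blocking by thumbprint (or hash) is the only reliable control for binaries signed with a stolen key, and a chain-valid verdict on a post-revocation signature means the verifier is not actually consulting revocation data.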
With all this new information coming from Symantec and Kaspersky, it might only be a matter of time until some sort of concrete evidence is found that can lead to the creators of this malware.  Many experts believe malware this sophisticated can only belong to a government, but others think that the sheer number of mistakes and clues being found suggests this might not be the work of a nation.  Either way, this malware has paved the way for more sophisticated attacks on the general public.
