
Flame virus points to more malware: Kaspersky Lab's analysis


Kaspersky Lab has revealed the results of new research into the widely reported, sophisticated, nation-state sponsored Flame cyber-espionage campaign. According to an official statement, the research was carried out by Kaspersky Lab together with IMPACT (the cyber security executing arm of the International Telecommunication Union), CERT-Bund/BSI and Symantec, and examined in detail several Command and Control (C&C) servers used by Flame’s creators. The statement says that analysing the C&C servers shed light on “groundbreaking facts about Flame”.

The analysis found traces of three as yet undiscovered malicious programs and showed that development of the Flame platform goes back to December 2006.

The official statement lists the major findings of the analysis as follows:
  • The development of Flame’s Command and Control platform started as early as December 2006.
  • The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
  • The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
  • The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
  • One of these Flame-related unknown malicious objects is currently operating in the wild.
  • There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
  • There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.

The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Telecommunication Union. On the discovery of the campaign, ITU-IMPACT acted quickly and issued an alert to its 144 member nations, along with the appropriate remediation and cleaning procedures.

The findings add, “The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domain names) shifted this date two years earlier.”

The findings in this investigation are based on analysis of content retrieved from several C&C servers used by Flame. The information was recovered even though Flame’s control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of the malware. “All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers’ code was written in the PHP programming language. Flame’s creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider,” it added.

Reportedly, the encryption methods used were sophisticated, ensuring that no one but the attackers could receive the data uploaded from infected machines. Analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, only one of which was compatible with Flame. This means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.

Worryingly, the analysis found signs that the platform is still under development: a new and as yet unimplemented protocol called the 'Red Protocol' was found on the servers. The latest modification of the servers’ code was made on May 18, 2012 by one of the programmers.

“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab.
