
Flame virus points to more malware: Kaspersky Lab's analysis


Kaspersky Lab revealed the results of new research pertaining to the discovery of the widely reported, sophisticated, nation-state sponsored Flame cyber-espionage campaign. An official statement reveals that during the research carried out by Kaspersky Lab together with the International Telecommunication Union's cyber security executing arm, IMPACT, as well as CERT-Bund/BSI and Symantec, several Command and Control (C&C) servers used by Flame's creators were examined in detail. According to the official statement, analysing the C&C servers shed light on "groundbreaking facts about Flame".

Following the analysis, traces of three as-yet-undiscovered malicious programs were found, and it was discovered that development of the Flame platform dates back to December 2006.
The official statement puts forth the major findings of the analysis as follows:
  • The development of Flame’s Command and Control platform started as early as December 2006.
  • The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
  • The servers were able to receive data from infected machines using four different protocols; only one of them serviced computers attacked with Flame.
  • The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
  • One of these Flame-related unknown malicious objects is currently operating in the wild.
  • There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
  • There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.
The widely reported Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Telecommunication Union. On discovery of the campaign, ITU-IMPACT moved quickly and issued an alert to its 144 member nations, along with the appropriate remediation and cleaning procedures.
The findings add, "The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domain names) shifted this date two years earlier."

The findings in this particular investigation are based on analysis of content retrieved from several C&C servers used by Flame. Interestingly, the information was recovered despite the fact that Flame's control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of the malware. "All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers' code was written in the PHP programming language. Flame's creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider," it added.

Reportedly, the encryption methods used were sophisticated, ensuring that no one but the attackers could read the data uploaded from infected machines. Analysis of the scripts used to handle data transmissions with the victims revealed four communication protocols, only one of which was compatible with Flame. This means that at least three other types of malware used these Command and Control servers. There is enough evidence to show that at least one Flame-related malware is operating in the wild; these unknown malicious programs are yet to be discovered.

Worryingly, the analysis revealed signs that the platform is still under development, as a new and as-yet-unimplemented protocol called the "Red Protocol" was found on the servers. The latest modification of the servers' code was made on May 18, 2012 by one of the programmers.

“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab.
