Russian specialists uncover a new cyberweapon

Source: Shutter Stock / Legion Media

Kaspersky Labs was instrumental in the discovery of the Flame malware.

Researchers at Kaspersky Labs, Russia’s leading anti-virus software firm, have uncovered Flame, a new malicious program that is being used as a cyberweapon by several countries. The complexity and functionality of the newly discovered malware exceed those of all other cybermenaces discovered to date, according to the Kaspersky Labs press service.

Kaspersky Labs detected the malware during an investigation requested by the International Telecommunication Union (ITU).

“The malicious program, detected as Worm.Win32.Flame by Kaspersky Labs security products, is designed to conduct cyberespionage. It can steal sensitive data, including, but not limited to, computer display contents, information about targeted systems, stored files, user contact data and even audio conversations,” the Kaspersky Labs press service said.

The independent research was initiated by ITU and Kaspersky Labs after a series of incidents with another, still unknown, destructive malware program codenamed Wiper, which “deleted data on a number of computers in Western Asia.” During the assignment, Kaspersky Labs staff, in coordination with the ITU, came across a new type of malware, now known as Flame.

“Preliminary findings indicate that this malware has been ‘in the wild’ for more than two years now – since March 2010. Due to its extreme complexity and the targeted nature of the attacks, no security software has been able to detect it,” the press service said.

Although the features of Flame differ from those of Duqu and Stuxnet, the notorious malware previously employed as cyberweapons, there are several indicators that Flame belongs to the same category of super cyberweapons. These indicators include the geography of attacks, the malware’s ability to take advantage of specific software vulnerabilities and the fact that only targeted computers are affected.

“The risk of cyberwarfare has been high on the information security agenda for a few years now,” Eugene Kaspersky, CEO and co-founder of Kaspersky Labs, said, commenting on the discovery of Flame.

“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide. The Flame malware looks to be a new phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country,” Kaspersky added.

“Furthermore, in a cyberwar, unlike conventional warfare, the more developed countries are actually the most vulnerable.”

According to available data, Flame’s primary objective is cyberespionage: it steals information from infected machines. The stolen data are then sent to a network of command servers located throughout the world. The malware is designed to steal documents, screenshots and audio recordings and to intercept network traffic, which makes it one of the most sophisticated and versatile attack toolkits ever discovered.

The exact infection vector has yet to be revealed, but it is already clear that Flame has the ability to spread over the network using several methods, including the same printer vulnerability and USB infection method exploited by Stuxnet.

“The preliminary findings of the research that has been conducted following an urgent request from ITU confirm the highly targeted nature of this malicious program. One of the most alarming facts is that the Flame cyberattack campaign is currently in its active phase, and its operator is consistently monitoring infected systems, collecting data and targeting new systems to accomplish its goals that are yet unknown to us,” said Alexander Gostyev, Chief Security Expert at Kaspersky Labs.

Experts from Kaspersky Labs are currently conducting a more thorough analysis of Flame. Over the coming days, a series of blog posts will reveal more details of the new threat as they become known. For now, what is known is that it consists of multiple modules and is made up of several megabytes of executable code in total – making it around 20 times larger than Stuxnet. This means that analyzing this cyber weapon will require a large team of highly skilled security experts with extensive experience in cyberdefense.

ITU will use the ITU-IMPACT network, made up of 142 countries and several large industry players, including Kaspersky Labs, to alert governments and the technical community about this cyberthreat and expedite the technical analysis.

First published in Vz.ru.

All rights reserved by Rossiyskaya Gazeta.