On Stuxnet and Flame, "there were two different teams working in collaboration," Kaspersky told the Reuters Summit in London.
Flame is a highly sophisticated computer virus that disguises itself as common business software. It was deployed at least five years ago and can eavesdrop on conversations on the computers it infects and steal data.
Security experts have suspected links among Flame, Stuxnet and Duqu - another piece of malicious software that was discovered last year - but Kaspersky Lab was the first to say it found hard evidence.
Later yesterday, Symantec research manager Liam O Murchu agreed, using his company's name for the newest virus, Flamer. If the United States is proven to be a force behind Flame, it would confirm the country that invented the Internet is involved in cyber espionage - something for which it has criticized China, Russia and other nations.
A Pentagon report last year that outlined the still-evolving U. Similar traits Kaspersky Lab had said Flame was developed with a different set of tools than Stuxnet, though it said its analysis was just beginning and would take many months. After digging deeper, Kaspersky Lab said yesterday its researchers identified segments of Flame and a version of Stuxnet released in that were nearly identical - suggesting the engineers who built the two viruses had access to the same set of source code.
That suggested tight collaboration between the teams behind the two viruses. Eugene Kaspersky said it was clear there were two or more teams with differing styles, and that Flame as a whole might have employed people. Researchers have been looking for a connection between Stuxnet and Flame because both viruses infected machines by taking advantage of a Windows flaw to launch the "autorun" feature, and infected personal computers from a small drive inserted via USB slot.
The section of code now cited as connecting the two pieces of malicious software not only concerns that flaw but does so in the same style.
Techopedia Explains Flame Virus. What Does Flame Virus Mean? Flame is a powerful virus discovered by Russian security organization Kaspersky Labs in May It is suspected that Flame is aimed at the government systems of nations in the Middle East, especially Iran. This deadly virus is reported to have a code base at least 20 times larger than that of Stuxnet, which was a very dangerous virus that targeted Iran's uranium enrichment facilities. Flame is believed to be exclusively designed to steal top secret information.
Flame has the ability to collect data files, switch on PC microphones to capture conversations, remotely modify the settings on computers, record instant messaging conversations and grab screen shots. Synonyms Flame Espionage Virus, Worm. Share this Term. Tech moves fast! Stay ahead of the curve with Techopedia! Join nearly , subscribers who receive actionable tech insights from Techopedia. Thank you for subscribing to our newsletter! Find the latest advice in our Community.
See the user guide for your product on the Help Center. Chat with or call an expert for help. Flame is a massive, complex and sophisticated malware designed for information gathering and espionage. Initial reports have termed this malware an 'attack toolkit' or 'platform', as it includes capabilities similar to a trojan, a worm, and a botnet-controlled backdoor.
Though the identity of the attackers remains unknown, the objective of this malware appears to be information gathering focused on organizations, institutions or nation states in the Middle East.
There is speculation that this form of espionage is most likely perpetrated by a rival nation state, though no strong confirmation currently exists.
Flame's technical complexity and its usage suggests a link with prior targeted malwares Stuxnet and Duqu , though there is no reported similarity in the source code of the various malwares. Due to its massive size - approximately 20MB - and the complexity of its structure, analysis of the malware has been challenging and is still ongoing.
The following details are based on information released in initial reports. The malware itself is composed of multiple modules, each with specific roles. These components may be modified or removed, and new modules added, by the attackers. Among its reported capabilities are:. Initial reports indicate that multiple versions of Flame have been circulating in the wild for some time, without being detected by any major antivirus programs or other security software.
At the time of writing, F-Secure has detections for known sample components. Javascript is disabled in your web browser For full functionality of this site it is necessary to enable JavaScript.
0コメント