Russian experts have discovered a new cyber weapon
The malicious program was discovered by Kaspersky Lab during a study initiated by the International Telecommunication Union (ITU).
“The program detected by Kaspersky Lab's security products as Worm.Win32.Flame is designed for cyber espionage. It allows you to steal important data, including information displayed on a monitor, information about systems that are objects of attack, files stored on a computer, user contact information, and even audio recordings of conversations,” said the press service of Kaspersky Lab.
It was decided to conduct an independent study after a series of incidents with another, as yet unknown, malware code-named Wiper. It “destroyed data on computers in Western Asia.” In the course of this work, Kaspersky Lab specialists, in cooperation with the International Telecommunication Union, discovered a new type of malicious program, currently known as Flame.
“According to preliminary results, this malware has been actively used for more than two years, since March 2010. Because of its exceptional complexity and focus on specific goals, until now it could not be detected by any protective product,” the information service noted.
Although Flame differs in its characteristics from the Duqu and Stuxnet malware, which were previously used as cyber weapons, facts such as the geography of the attacks, the use of specific software vulnerabilities, and the fact that only certain computers become targets indicate that Flame belongs to the same category of sophisticated cyber weapons.
“For several years now, the danger of military operations in cyberspace has been one of the most serious topics of information security,” said Yevgeny Kaspersky, general director of Kaspersky Lab, commenting on the discovery of Flame.
“Stuxnet and Duqu were links of the same chain of cyber attacks; their use has raised concern about the possible prospect of unleashing cyberwarfare around the world. The Flame malware, in all likelihood, is another stage of such a war. It is important to understand that such cyber weapons can easily be turned against any state,” he said.
“In addition, in cyber war, unlike traditional war, developed countries are the most vulnerable,” said Eugene Kaspersky.
According to available data, the main task of Flame is cyber espionage using information stolen from infected machines. The stolen data is transmitted to a network of command servers located in different parts of the world. The malicious program is designed to steal a wide range of data, including documents, screenshots, and audio recordings, as well as to intercept network traffic. This makes it one of the most sophisticated and full-featured cyber attacks found to date.
The question of which infection vector the malware uses remains unanswered. However, it is already clear that Flame can spread across a network in several ways, including by exploiting the same vulnerability in the Print Spooler service and the same infection method through USB devices that the Stuxnet worm uses.
“The preliminary findings of a study conducted at the ITU’s urgent request confirm the targeted nature of this malware. One of the most worrying facts about the cyber attack carried out with Flame is that it is currently in an active stage, and those who are conducting it are constantly monitoring infected systems, collecting information and choosing new objects to achieve their goals unknown to us,” said Alexander Gostev, antivirus expert at Kaspersky Lab.
Experts at Kaspersky Lab are currently conducting an in-depth analysis of Flame. In the coming days, they plan to publish a series of materials revealing details about the new threat as they are clarified. At the moment, it is known that the malware contains several modules totaling several megabytes of executable code, which is almost 20 times the size of the Stuxnet worm. This means that analyzing this cyber weapon will require a large team of highly professional security experts with significant cyber defense experience.
ITU will use the capabilities of the IMPACT network, consisting of 142 countries and several major industry players, including Kaspersky Lab, to inform government authorities and the technical community about this cyber threat and to ensure the early completion of a technical threat analysis.