Russian experts have discovered a new cyber weapon

Kaspersky Lab's specialists have discovered a new piece of malware, Flame, which is actively used in a number of countries as a cyber weapon and surpasses all previously known threats in complexity and functionality, the company's information service told VZGLYAD.

The malicious program was discovered by Kaspersky Lab during a study initiated by the International Telecommunication Union (ITU).

“The program detected by Kaspersky Lab's security products as Worm.Win32.Flame is designed for cyber espionage. It allows you to steal important data, including information displayed on a monitor, information about systems — objects of attack, files stored on a computer, user contact information, and even audio recordings of conversations,” said the press service of Kaspersky Lab.

The decision to conduct an independent study followed a series of incidents involving another, as yet unknown, piece of malware code-named Wiper, which "destroyed data on computers in Western Asia." In the course of this work, Kaspersky Lab specialists, in cooperation with the International Telecommunication Union, discovered a new type of malicious program, currently known as Flame.

“According to preliminary results, this malware has been actively used for more than two years, since March 2010. Because of its exceptional complexity and focus on specific goals, until now it could not be detected by any protective product,” the information service noted.

Although Flame differs in its characteristics from the Duqu and Stuxnet malware previously used as cyber weapons, facts such as the geography of the attacks, the use of specific software vulnerabilities, and the fact that only certain computers are targeted indicate that Flame belongs to the same category of sophisticated cyber weapons.

“For several years now, the danger of military operations in cyberspace has been one of the most serious topics of information security,” said Yevgeny Kaspersky, general director of Kaspersky Lab, commenting on the discovery of Flame.

“Stuxnet and Duqu were links of the same chain of cyber attacks; their use has raised concern about the possible prospect of unleashing cyberwarfare around the world. Malicious Flame, in all likelihood, is another stage of such a war. It is important to understand that such cyber weapons can easily be turned against any state,” he said.

"In addition, in cyber war, unlike traditional war, developed countries are the most vulnerable," said Eugene Kaspersky.

According to available data, the main task of Flame is cyber espionage using information stolen from infected machines. The stolen data is transmitted to the network of command servers located in different parts of the world. The malicious program is designed to steal a wide range of data: documents, screenshots, audio recordings, as well as to intercept network traffic. This makes it one of the most sophisticated and full-featured cyber attacks found today.

The question of the vector of infection used by the malware remains unanswered. However, it is already clear that Flame can spread across the network in several ways, including by exploiting the same vulnerability in the Print Manager service and the same infection method through USB devices that the Stuxnet worm uses.

“The preliminary findings of a study conducted at the ITU’s urgent request confirm the targeted nature of this malware. One of the most worrying facts about the cyber attack carried out with Flame is that it is currently in an active stage, and those who are conducting it are constantly monitoring infected systems, collecting information and choosing new objects to achieve their goals unknown to us,” said Alexander Gostev, antivirus expert at Kaspersky Lab.

Experts at Kaspersky Lab are currently conducting an in-depth Flame analysis. In the coming days, it is planned to publish a series of materials revealing details about the new threat as they are clarified. At the moment, it is known that the malware contains several modules totaling several megabytes of executable code, which is almost 20 times larger than the size of the Stuxnet worm. This means that analyzing this cyber weapon will require a large team of highly professional security experts with significant cyber defense experience.

ITU will use the capabilities of the IMPACT network, consisting of 142 countries and several major industry players, including Kaspersky Lab, to inform government authorities and the technical community about this cyber threat and to ensure the early completion of a technical threat analysis.

9 comments
  1. BAT
    +3
    29 May 2012 11:47
    Let's hope that the specialists from the Kaspersky Lab will be able to curb this "beast". I have probably been using Kaspersky's antivirus for 7 years now, I have never let it down.
    1. +9
      29 May 2012 11:56
      What is annoying is the fact that these are no longer boy hackers having fun; here you can feel the hand and money of the guys in epaulettes.
      1. +2
        29 May 2012 13:49
        Quote: sichevik
        Let's hope that the specialists from the Kaspersky Lab will be able to curb this "beast". I have probably been using Kaspersky's antivirus for 7 years now, I have never let it down.

        Agree with you! I also have Kaspersky, I’ve been using it for 2 years and everything is stopped. Recently, to strengthen the protection, I also installed NOD32. Thanks to these 2 antiviruses, I have a layered defense of the computer. It is not strange, but these 2 antiviruses get along well with each other.
  2. Bek
    +5
    29 May 2012 11:53
    Now the whole Western press will scream that this virus is most likely the intellectual product of Somali pirates who went on the cyber warpath or the Iranian ayatollah thus steals the drawings of centrifuges or something like that. And that this virus is by no means connected with the United States and its Israeli henchmen.
  3. +2
    29 May 2012 11:53
    As Kaspersky himself said, not a single anti-virus program gives 100% results. All that is invented by man is hacked.
  4. Tjumenec72
    +3
    29 May 2012 12:01
    One department designs them, another catches them)
    What did the worm steal?
  5. +3
    29 May 2012 12:09
    The work of special services. You might think that Kaspersky does not work for them.
  6. +4
    29 May 2012 13:42
    Horrible :(
    Install free software and you will be happy: no viruses, no worms, no other dirty tricks. Plus, you do not have to pay for a license.
    And the fact that important sensitive information is stored on computers running Windows is a state mess.
  7. +2
    29 May 2012 16:12
    We urgently need to check our site, otherwise our comments will drive them crazy.
  8. Nursultan
    0
    29 May 2012 18:12
    Well done guys from the Kaspersky Lab that they found it. Let's hope that they come up with how to destroy it.
    And the first who will yell that this is not their job will be the United States.
