Flame – The Malware that’s Shaking the Middle East

Flame is very sophisticated modular malware (or espionageware).   All of it’s modules amount to a whopping 21 MB.   Flame was flam malware iranwritten in C++ and Lau (Lau is language you don’t see like…ever).  Flame can also morph it’s behavior to slip past traditional Antivirus (it’s able to detect over 100 antivirus applications), this apparently works very well.

Flame Objectives:

Flame is designed to quietly steal information by:

  • Logging keystrokes
  • Capturing all network traffic on the infected PC
  • Uploading documents already on the PC
  • Enabling built-in microphones and recording the audio (man…I hope I never get infected with this at my house  😳 )
What’s crazy to me is that Flame may have been in the wild (gone undetected) for up to 2 years!!!  That’s some scary stuff.  It really makes you wonder what else is out there that we don’t know about.
 
Methods of Infection:
  • USB Sticks / Drives
  • Via LAN (spooler exploit)
  • Possibly via hijacked pages
KasperskyLab discovered Flame and now have confirmed over 400 detections of Flame in the Middle east (189 of those in Iran).  No one knows who created Flame, but it’s existence only in the middle East has many people pointing the finger to the US, England and Israel as possible Flame authors.

, , ,

17 Responses to Flame – The Malware that’s Shaking the Middle East

  1. BraveRaymondShaw May 31, 2012 at 3:24 am #

    Nice article, Matt! Sure hope this thing never spreads outside the Middle East…so, it has never been reported outside the area? If not, why is it contained to one region?

    • malwarekilla May 31, 2012 at 1:19 pm #

      Thanks! Flame doesn’t just auto spread. Flame only spreads to hosts when instructed to do so. Instructed being key here 😉

    • mrizos June 1, 2012 at 3:20 pm #

      Thank! Flame only spreads when it’s told to. That’s probably the reason why you’re not seeing it anywhere else yet.

  2. shre12345 May 31, 2012 at 10:35 am #

    matt! yeah it seems like there can be much more things unknown to Antivirus world for now…wonder how nobody discovered flame since past 2 years…i guess even stuxnet and duqu were made on 2010 and were discovered a year after…what cr*p is all this!

    • malwarekilla May 31, 2012 at 1:20 pm #

      Yeah, kinda scary. Theoretically all our boxes could be infected with something.

    • mrizos June 1, 2012 at 3:21 pm #

      Don’t know man, it’s pretty crazy. They’re thinking that flame could have been around for the last 7 years now!

  3. Guest May 31, 2012 at 11:55 am #

    I wonder how many other malwares out there that are undetected. What a scary prospect to think about. I’m glad it didn’t reach the US.

    • mrizos June 1, 2012 at 3:21 pm #

      I doubt we’ll ever find out.

  4. David H. May 31, 2012 at 3:05 pm #

    Wow, reading about this makes me think that the future of malware is going to be quite challenging for those of us who fight against it!

    • mrizos June 1, 2012 at 3:23 pm #

      Short of loading a clean image of your OS every time you boot (and that’s probably not enough) I’m not sure there is anything you can do.

  5. gazugafan June 1, 2012 at 12:40 am #

    I think you mean Lua, right? It’s a scripting language used heavily in game development to avoid frequent re-compilations, actually. NITPICKED 😀

    • mrizos June 1, 2012 at 3:23 pm #

      Thanks for the typo alert. Yeah, I was familiar with Lua in my WoW days, but never imagined it was capable of this!

  6. MHazell June 1, 2012 at 2:43 pm #

    This is why I recommend people switch over to Linux when it is possible.

    • mrizos June 1, 2012 at 3:25 pm #

      I’m sure whoever made Flame has a linux variant. In fact, I’d say no OS is safe when it comes to the United States (NSA) and Israel.

      • MHazell June 1, 2012 at 4:05 pm #

        But Linux has such a small market share in the desktop realm that it would be pointless to make a virus.

  7. Curtis7777 June 3, 2012 at 4:10 pm #

    Thanks Matt. As always, thank you for your dedication to your web site. It is still my favorite. Curse GOOGLE for screwing you up.

  8. 12345shre June 14, 2012 at 11:29 am #

    matt,I have some juicy samples of flame malware…u want it??

Leave a Reply