AusGamers Forums
Flame (espionage worm)
parabol
Brisbane, Queensland
7021 posts

Looks like a new worm has been making its way around Middle Eastern computers. It's quite a step up from Stuxnet in terms of size/complexity, but seems to be meant mostly for gathering information.
Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.

The bit I found most interesting:
The malware has the ability to regularly take screenshots; what’s more, it takes screenshots when certain “interesting” applications are run, for instance, IM’s. Screenshots are stored in compressed format and are regularly sent to the C&C server - just like the audio recordings.

I'd recommend a read of the analysis FAQ for anyone interested in some of the high-level details: link

(EDIT: fixed link via delete/create thread thanks to edit limit)
10:23am 29/05/12 Permalink
dranged
Melbourne, Victoria
2013 posts
I found this one interesting:

Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport.


Everyone's at it!
10:26am 29/05/12 Permalink
natslovR
Sydney, New South Wales
7787 posts
Just reading this. Bit scary: At the moment, we haven’t seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day.
10:45am 29/05/12 Permalink
skythra
Brisbane, Queensland
5616 posts
Just leave QGL for ten seconds and go to ausgamers to edit a post. That way there's no edit limit.
03:19pm 29/05/12 Permalink