Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Flame spy virus gets order to vanish: experts
France24 ^ | 10 June 2012 | AFP

Posted on 06/10/2012 4:55:17 PM PDT by csvset

US computer security researchers said Sunday that the Flame computer virus that smoldered undetected for years in Middle Eastern energy facilities has gotten orders to vanish, leaving no trace.

Anti-virus company Symantec said in a blog post that late last week, some Flame "command-and-control servers sent an updated command to several compromised computers."

"This command was designed to completely remove (Flame) from the compromised computers."

Flame malicious software (malware) appears to have been "in the wild" for two years or longer and prime targets so far have been energy facilities in the Middle East, especially in Iran.

The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services to steal information about Iran's controversial nuclear drive.

Kaspersky Lab, one of the world's biggest producers of anti-virus software, said the Flame virus was "about 20 times larger than Stuxnet," the worm which was discovered in June 2010 and used against the Iranian nuclear program.

High concentrations of computers compromised by Flame were also found in Lebanon, the West Bank and Hungary. Additional infections have been reported in Austria, Russia, Hong Kong and the United Arab Emirates.

Compromised computers included many being used from home connections, according to security researchers who were looking into whether reports of infections in some places resulted from workers using laptops while traveling.

While the components and tactics of Flame were considered old-school, the gigantic virus's interchangeable software modules and targeted nature were evidence that malware is a potent weapon in the Internet era.

Computers infected with malware are typically programmed to reach out on the Internet to get updated orders from command servers controlled by hackers.

In this case, it appeared that Flame masters gave an order for the malware to vanish, leaving behind no trail that investigators might be able to follow or clues to its origin.

The self-destruct command was evidently sent after Flame was exposed and investigations commenced.

Infected computers that got the command went on to delete an array of files and then cram disks with random characters to thwart recovery of original code, according to security researchers.

It was unknown how many infected computers received the self-destruct command.

Flame was designed to suck information from computer networks and relay what it learned back to those controlling the virus. It can record keystrokes, capture screen images, and eavesdrop using microphones built into computers.

In an intriguing twist, the malware can also use Bluetooth capabilities in machines to connect with smartphones or tablets, mining contact lists or other information, according to security researchers.


TOPICS: Foreign Affairs
KEYWORDS: flame; iran; iranusda; israel; tech; usa
I see what you do !
1 posted on 06/10/2012 4:55:29 PM PDT by csvset
[ Post Reply | Private Reply | View Replies]

To: csvset
O'bama, his own bad self, did it last Friday.

He wrote the original code, you see.

2 posted on 06/10/2012 4:57:28 PM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: csvset

In this case, it appeared that Flame masters gave an order for the malware to vanish, leaving behind no trail that investigators might be able to follow or clues to its origin.


This might be true, but I expect that it will arise again in a modified form. It might be months, it might be years. A good piece of Malware like this is a too good a tool to just put away and forget about it.


3 posted on 06/10/2012 5:09:43 PM PDT by The Working Man
[ Post Reply | Private Reply | To 1 | View Replies]

To: csvset

And what about backups of the original hard disks ?


4 posted on 06/10/2012 5:26:11 PM PDT by justa-hairyape
[ Post Reply | Private Reply | To 1 | View Replies]

To: The Working Man

Pbhtt... Well, Kaspersky Labs said the thing was out there for years (!!!). I’d say they probably have Flame v2 and v3 already ready for release.


5 posted on 06/10/2012 5:39:39 PM PDT by farlander (Fiat Justitia, Ruat Caelum. Sic Semper Tyrannis!)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Izzy Dunne

Symantec should not have released that information.


6 posted on 06/10/2012 5:43:49 PM PDT by Ham Hock ( i)
[ Post Reply | Private Reply | To 2 | View Replies]

To: justa-hairyape
thank you... it's on the backups for sure
7 posted on 06/10/2012 5:56:35 PM PDT by Chode (American Hedonist - *DTOM* -ww- NO Pity for the LAZY)
[ Post Reply | Private Reply | To 4 | View Replies]

To: csvset

http://www.youtube.com/watch?v=z5rRZdiu1UE


8 posted on 06/10/2012 8:10:05 PM PDT by Pride_of_the_Bluegrass
[ Post Reply | Private Reply | To 1 | View Replies]

To: AdmSmith; AnonymousConservative; Berosus; bigheadfred; Bockscar; ColdOne; Convert from ECUSA; ...

Thanks csvset.


9 posted on 06/10/2012 9:52:14 PM PDT by SunkenCiv (https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson