New “Flame” Malware is One of the Most Complex Cyber Weapons Yet

80beats | By Veronique Greenwood | May 29, 2012 10:16 PM

A massive piece of malware, nicknamed "Flame" by security researchers at Kaspersky Lab, has been discovered attacking computers in Iran and the rest of the Middle East. The scale and sophistication of the malware suggest that it was commissioned by a nation-state, perhaps by the same parties that built StuxNet, which destroyed Iranian uranium centrifuges several years ago, and Duqu, a related Trojan that culled information from infected computers. Flame doesn’t share any code with StuxNet or Duqu. But it is much larger (Duqu, for instance, was just 500 kilobytes, while Flame is 20 megabytes), and it impressed the Kaspersky researchers with its array of functions, which make it a kind of giant Swiss Army knife of malware. Here’s some of what it can do, from Kim Zetter's explainer at Wired:

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers. The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network.

Flame has been active for at least two years, probably longer, though it's hard to tell because the malware is littered with false dates (it's pretty clear, for example, that no matter what its records say, Flame wasn't infecting computers in 1994). It will take quite a while for researchers to unravel all its functions and learn more about its origins: A security expert at Kaspersky calls it “one of the most complex threats ever discovered.” Get the full details on Flame at Wired's Threat Level.
