New cyber espionage malware ‘Flamer’ is the most complex ever seen

Our Malware Analysis team has discovered a highly complex piece of malware (Trojan.Flamer.A) that is written using the ‘Lua’ programming language. This malware is on par with, if not stronger than, previously seen similar threats such as Stuxnet and Duqu. The Iranian CERT (Computer Emergency Response Team) has many names for this worm – ‘Flame’, ‘Flamer’, ‘Skywiper’ or ‘Viper’. They detected the malware as it began launching cyber-attacks on their energy sector. The malware uses known vulnerabilities such as the Print Spooler and LNK flaws in order to execute its malicious components. These vulnerabilities were first seen with Stuxnet in June 2010, and our investigations show that a few of the malicious components were reported around 2 years and 10 months ago. The malware is approximately 20 times larger than Stuxnet, and hence the ramifications for the security industry are huge.

Furthermore, the malware communicates with its Command and Control (C&C) servers, which are inactive as of now, over the encrypted HTTPS and SSH protocols. This makes this newfound threat even harder to detect. It is also capable of spreading through USB drives and local networks, thanks to its component-based architecture. Further capabilities such as screen capturing, scanning network resources, enabling and sharing Bluetooth connections, detecting and disabling anti-virus suites, negating the effects of security patches and recording audio (something that is highly unusual for malware) are also being seen.

The broad purpose of this malware is to extract information from the SQLite database on the machines of its victims. Its targets can range from individual users to educational institutions to state-run organizations. We are carrying out further analysis of this malware and will update our readers with more information soon, since it is a highly complex piece of malware with many other characteristics. It appears to have been written by a large group of people over a period of several years, so its analysis will need to be carried out in a systematic manner. Quick Heal ensures that its users are constantly protected against such threats.

Rahul Thadani

7 Comments
Ajay
8 years ago

Thanks for updating on this latest complex threat! Great to see Quick Heal is also fighting this global epidemic.

Sai
8 years ago

Do worm.win32.flame and Trojan.Flamer.A respond in the same manner? And do Quick Heal products have a solution for both of the above threats?

Sai
8 years ago
Reply to Rahul Thadani

Hi Rahul,
Thanks for clearing up my point; that was a nice and useful update.

Robin
8 years ago

Does your anti-virus really protect from Flame?

Suraj
8 years ago

So many things Flame can do! It must be a silent war between nations, and obviously it must be the product of a large nationwide secret agency. Thanks for giving such valuable info, and I hope I’ll get some more info soon. Till then I’ll learn some Lua. Thanks over and over again.
