Iran Finds New Stuxnet Strain Dubbed Flame

According to the Iranian Computer Emergency Response Team (MAHER), a new cyberespionage threat has surfaced that seems to be related to Stuxnet. This new malware strain appears to be more complex and much larger in file size than Stuxnet, according to malware experts at Kaspersky Labs. They are calling this new threat "Flame".

Kaspersky reports that part of Flame is written in Lua, a programming language common in games. This is the first time they have seen malware written in such a language.

Flame spreads to other computers through USB devices and through a security hole in the Microsoft operating system that was patched some years ago. This is also how Stuxnet spread.

What I find interesting is that the Flame virus does not fully execute itself if antivirus software is installed on the computer. By not ringing any bells or doing anything too malicious, the software can fly under the radar. This is truly a more complex virus, too complex for a single individual to create, which leads most experts to believe a nation state is behind this threat. The origin of this virus is unknown, but according to Symantec researchers who analyzed the code, it seems to have been written by predominantly English-speaking programmers.

The purpose of Flame seems to be to steal private information such as user names and passwords. This appears to be only a small part of what this malware is capable of doing.

Researchers from the Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics are calling this threat sKyWiper. They say sKyWiper is the most complex malware they have ever encountered. According to the university, it covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, wifi, Bluetooth, USB and system processes. See http://www.crysys.hu/skywiper/skywiper.pdf

Comments

  1. random guy says

    How is it removed? PC or MAC or Unix? Please provide more info….

    • Anonymous says

      RV has no sample of this threat. How it is removed is anyone's guess at this point in time. More information will come with time.
