Nailing down a timeline for the development of Flame, the new super-cyber spying malware recently found infecting PCs in Iran and other Middle Eastern countries, will be critical to connecting the dots between it, Stuxnet and Duqu, experts said today.

Flame, as the espionage tool has been named, is a massive piece of malware -- 20 to 40 times larger than Stuxnet -- that infiltrates networks, scouts out the digital landscape, then uses a variety of modules to pilfer information.

What researchers are trying to determine is not only how Flame works -- an effort that will take months -- but how it fits with other malware that experts believe targeted Iran, a country at odds with the West over its nuclear program.

In particular, two earlier-discovered threats: Stuxnet, which most have concluded was created to sabotage Iran's uranium-enrichment facilities, and Duqu, an intelligence-gathering tool many believe was used to pinpoint targets for Stuxnet.

"The most interesting thing about Flame is its possible relationship to Stuxnet," said Roel Schouwenberg, a senior researcher with Moscow-based antivirus company Kaspersky Lab. "The timelines [of the two] will play a big part in any analysis."

Liam O Murchu, director of operations for Symantec's security response center, agreed. "The timeline is very important," said O Murchu.

Both Kaspersky and Symantec are busy digging into Flame, and the two companies were instrumental in deciphering Stuxnet two years ago. They're perfectly positioned to draw conclusions about the two pieces of malware, and any connections between the pair.

Although Stuxnet was first discovered by researchers in mid-2010, Symantec traced its first attack to June 2009, with follow-up campaigns launched in March and April 2010.

Duqu, meanwhile, may have been created as early as 2007 or 2008, even though evidence of attacks by the malware can be tracked only as far back as August 2011.

So where does Flame fit in?

"We looked at our telemetry, and we see evidence of Flame in 2010," said O Murchu. "But it's very possible it goes back further than that."

Kaspersky could trace Flame back about that far, too. "We've confirmed it in 2010, but there's some circumstantial evidence that goes back to 2007," said Schouwenberg.

What Schouwenberg called "circumstantial" was first raised by CrySyS Lab at the Budapest [Romania] University of Technology and Economics, in a first-impressions analysis of Flame published Monday (download PDF).

CrySyS cited a 2007 appearance of Flame's main component as possible proof of an early development date. "[Flame] may have been active for as long as five to eight years, or even more," CrySyS asserted.

Those earlier dates have not been confirmed by either Kaspersky or Symantec, however, in part because Flame spoofs its file creation and code compilation time and date stamps.

Chronology is important because of the Windows vulnerabilities that both Stuxnet and Flame exploited.