Wednesday, June 13, 2012

A complicated malware named "FLAME"

Hey pals,
How are you all?
I am fine and happy with vacations which are soon going to end.


Recently, while I was surfing for material related to cyber-war and cyber-attacks, I came across a very important and threatening topic related to "Malware".


In olden days, wars were large and needed a huge army.



The day is not far away when cyber-wars are going to start; actually, the next pic shows that it has already started.
This view is of the Pentagon.

Future wars will definitely be fought with cyber-attacks.
My next blog will explain how a cyber-attack can bring down a complete nation.

For now I want to discuss a step that was initiated against Cyber-Security.


A complicated malware was discovered whose name is "Flame".


This malware has been active for the last 2 years (maybe more; an exact estimate is not yet available to anyone).

FLAME


Looking at this photo, don't assume that this malware has the capability to burn your system to ashes :-D
It can cause more damage than you can think.

Until now, it was believed that "Stuxnet" was the most complicated and harmful malware. I can't explain everything about Stuxnet here as it would be too long; for more information on Stuxnet, visit http://en.wikipedia.org/wiki/Stuxnet .

"Flame" was so well coded and designed that even the professionals were not able to detect its presence, but recently, due to some flaws, it was detected, and they say that it may take a complete year to understand this malware in depth.

The approximate size of "Flame" was 20 to 22 MB and, trust me, malware of that size is considered pretty large in cyber-security terms.

It is believed that the Swiss-Army is behind this malware, but recent surveys and predictions revealed that "Flame" may be a U.S. or Israeli creation.

Malware analysts at the security firm Bitdefender say they’ve found a unique capability within Flame’s code that would potentially allow it to steal data even from computers that aren’t connected to the Internet or to other networked machines. Instead of simply uploading stolen data to a remote server as traditional spyware does, Flame can also move the target information–along with a copy of itself–onto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.

Spreading itself over an infected USB device is hardly a new trick for malware. But Bitdefender’s researchers say they’ve never before seen a cyberespionage program that can also move its stolen digital booty onto the USB stick of an oblivious user and patiently wait for the opportunity to upload it to the malware’s controllers.


“It turns users into data mules,” says Bitdefender senior malware analyst Bogdan Botezatu. “Chances are, at some point, a user with an infected flash drive will plug it into a secure computer in a contained environment, and Flame will carry the target’s information from the protected environment to the outside world…It uses its ability to infect to ensure an escape route for the data. This is somewhat revolutionary for a piece of malware.”


Flame was designed to use the same .lnk autorun vulnerability first exploited by the NSA-built Stuxnet malware to invisibly install itself on USB devices. To hide its trove of stolen data on the user’s device, Flame copies both itself and its data to a folder labelled with a single “.” symbol, which Windows fails to interpret as a folder name and thus renders as invisible to the user.
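A defender-side check for the hiding trick described above, as an added example that is not part of the original post or of Bitdefender's analysis. It assumes a FAT-formatted stick and that the hidden item sits in the root directory, where the FAT format never places "." or ".." entries; the function names and the sample bytes are constructed here.

```python
import struct

ENTRY_SIZE = 32      # every FAT short directory entry is 32 bytes
ATTR_LFN = 0x0F      # long-file-name fragment, not a real file
ATTR_DIRECTORY = 0x10

def make_entry(name11, attr, cluster=0, size=0):
    """Build one 32-byte FAT directory entry (used only for sample data)."""
    # name[11] attr[1] 14 bytes of timestamps etc. first-cluster-lo[2] size[4]
    return struct.pack("<11sB14xHI", name11.ljust(11), attr, cluster, size)

def suspicious_root_entries(root_dir):
    """Flag '.'/'..' entries in a raw FAT *root* directory region.

    Subdirectories start with '.' and '..'; the root directory never does,
    so such a name in the root is an anomaly worth examining (assumption:
    the hidden item was placed in the root of the drive).
    """
    findings = []
    for off in range(0, len(root_dir) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = root_dir[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:          # end-of-directory marker
            break
        if entry[0] == 0xE5:          # deleted entry
            continue
        attr = entry[11]
        if attr & 0x3F == ATTR_LFN:   # skip long-name fragments
            continue
        base = entry[:8].rstrip(b" ")
        ext = entry[8:11].rstrip(b" ")
        if base in (b".", b"..") and not ext:
            size = struct.unpack_from("<I", entry, 28)[0]
            findings.append({
                "offset": off,
                "name": base.decode("ascii"),
                "is_dir": bool(attr & ATTR_DIRECTORY),
                "size": size,
            })
    return findings

# Constructed sample root directory: volume label, a normal file,
# and an entry named "." that should not exist in a root directory.
SAMPLE_ROOT = (
    make_entry(b"USBSTICK", 0x08)
    + make_entry(b"README  TXT", 0x20, cluster=3, size=1200)
    + make_entry(b".", 0x20, cluster=5, size=4096)
    + bytes(ENTRY_SIZE)               # end marker
)

if __name__ == "__main__":
    for hit in suspicious_root_entries(SAMPLE_ROOT):
        print(hit)
```

On a real investigation the input would be the root directory region read from a forensic image of the stick rather than from the mounted volume, since the operating system's own file listing is what the trick defeats.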

Regardless, Botezatu says Flame’s USB-piggybacking trick fits with its profile as a highly sophisticated spying tool meant to steal a target’s most protected secrets–not just another cybercriminal keylogger designed to catch credit card numbers. “Most of the infrastructure it targets is highly contained, often without Internet access,” says Botezatu. “It’s natural for Flame to have a mechanism for moving data from one environment to another that doesn’t rely on Internet or network communications.”

Flame’s USB data-smuggling is just one of its unique features that have awed researchers. The spyware also used a previously unknown cryptographic attack to spoof a digital certificate that allowed its code to appear to have been created by Microsoft. That innovation is estimated to have required cutting-edge mathematics as well as the equivalent of $200,000 worth of computing power based on renting processor time from Amazon.

Kaspersky researcher Roel Schouwenberg suggests that Flame, which predates Stuxnet, may have been designed to “kick-start” the Stuxnet operation, performing reconnaissance on the target systems to prepare for Stuxnet’s physical attack.

Finally, from the survey, the following figure shows the overall effects of "Flame".

The day is not far away when nations will have war with the help of computers and networks.

The question is not whether such cyber-wars will occur; the question is when such cyber-wars will occur???

Have a good day..
Surf safe and be Cyber-Safe....