Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Is Flamer the most complex malware threat since Stuxnet and Duqu?

Zafar Anjum | May 29, 2012
Symantec, the security software company, thinks that Flamer is on a par with Stuxnet and Duqu.

As far as deadly malwares go, it looks like we have a new kid on the block that could claim a villainy as dark as that of Stuxnet and Duqu.

This new kid on the block is Flamer. Symantec, the security software company, thinks that Flamer is on a par with Stuxnet and Duqu.

The security company issues a statement today in which it said that its Security Response team is analysing this new highly sophisticated and discreet threat called W32.Flamer.

"The analysis so far reveals that the malware was built with the ability to obtain information from infected systems primarily located in the Middle East," Symantec said in a statement. "As with the previous two threats, this code was not written by a single individual but by an organised well funded group of personnel with directives. The code includes multiple references to the string 'FLAME' which may be indicative of either instances of attacks by various parts of the code, or the malware's development project name."

According to the Security Response team, the threat has operated discreetly for at least two years with the ability to steal documents, take screenshots of users' desktops, spread via USB drives, disable security vendor products, and under certain conditions spread to other systems.

The threat may also have the ability to leverage multiple known and patched vulnerabilities in Microsoft Windows, in order to spread across a network, added the Security Response team.

Symantec also said that initial telemetry indicates that the targets of this threat are located primarily in Palestinian West Bank, Hungary, Iran, and Lebanon. Other targets include Russia, Austria, Hong Kong, and the United Arab Emirates. 

Which industry sectors is it targeting-that is still not clear. "However, initial evidence shows the victims may not all be targeted for the same reason," the team said. "Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home Internet connections."

It added that analysis and investigation into the various components of this malware is ongoing and attack information will be published soon.


Sign up for CIO Asia eNewsletters.