NEWS FROM THE LAB - Monday, May 28, 2012

Case Flame

Posted by Mikko @ 18:14 GMT

Flame (aka Flamer aka Skywiper) is a massive, complex piece of malware, used for information gathering and espionage.

The malware was most likely created by a Western intelligence agency or military. It has infected computers in Iran, Lebanon, Syria, Sudan and elsewhere.


There seems to be a clear difference in how online espionage is done from China and how it's done from the West. Chinese actors prefer attacks targeted via spoofed e-mails with booby-trapped documents attached. Western actors seem to avoid e-mail and instead use USB sticks or targeted break-ins to gain access.


The worst part of Flame? It has been spreading for years.

Stuxnet, Duqu and Flame are all examples of cases where we — the antivirus industry — have failed. All of these cases were spreading undetected for extended periods of time.

More information from:

  •  Budapest University of Technology and Economics's Laboratory of Cryptography and System Security (CrySyS)
  •  Securelist (Kaspersky)
  •  Iran National CERT (MAHER)