Monday, May 28, 2012

Kaspersky: Flame Malware Represents New Class of Cyber Threat

Moscow-based Kaspersky Lab published a report on a new, advanced cyber threat potentially more potent than Stuxnet and apparently targeted at certain countries in the Middle East.

The new type of malware, now known as Flame, is extremely complex and has remain undetected by security software for the past two years. Kaspersky Lab said the primary purpose of Flame appears to be cyber espionage, including the theft of documents, screenshots, audio recordings and interception of network traffic. Flame is an attack-toolkit with the ability to replicate over a local network using several methods, including the same printer vulnerability and USB infection method exploited by Stuxnet. Stolen information is sent back to a network of command-and-control servers located in many different parts of the world. The attack vector is not yet known.

Kaspersky Lab concludes that Flame should be categorized as a super-cyberweapon, noting similarity with Stuxnet and Duqu in terms of the geography of attacks, use of specific software vulnerabilities, and the fact that only selected computers are being targeted.

Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said: "The risk of cyber warfare has been one of the most serious topics in the field of information security for several years now. Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide. The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case." 

See also