Newly Discovered 'Flame' Malware Said to Be Targeting Iran
A recently discovered piece of malware dubbed “Flame” appears to be a highly sophisticated espionage toolkit that is currently making its way around targeted systems. The malware goes to work by spying on infected systems and capturing a large amount of information. To date, infections are concentrated in Iran and other countries in the Middle East and North Africa. Flame can exfiltrate all types of data, including documents stored on host machines, and can record keystrokes, take screenshots and even activate microphones to listen in on conversations. It appears that this is another state-sponsored infection such as Stuxnet or Duqu. However, Flame does not appear to have the same author.
What’s particularly disconcerting from a security standpoint is that Flame went undetected for nearly two years. We wrote about targeted malware attacks in AppRiver’s 2012 Prediction Report and discussed the high probability that, in the wrong hands, targeted malware could become weaponized:
Targeted Malware – Stuxnet and Duqu raised more than a few eyebrows as they may have done more than unwillingly steal the top of the headlines this past year. These incredibly complex pieces of malware made their way to specific targets with incredible swiftness and accuracy. There’s no doubt that this type of attack, whether it be government sponsored or otherwise, will remain at least as prevalent if not more so in 2012. The Flame toolkit also shows evidence of state sponsorship though it had different authors and a less focused goal. Its highly complex code gives analysts a strong feeling that this is no ordinary malware, but instead something that was meant to gather as much information as possible from its intended targets. It is obvious now that cyberspace has been weaponized and we will continue to see attacks of this fashion as long as they remain effective.
Stuxnet, Duqu and Flame are great examples of the era in which we now live, where cyber-war and cyber-espionage are becoming more mainstream and are successfully exploiting infected systems. Unfortunately, we can expect to see more of these types of threats, growing in sophistication and regularity, in the years to come.