Meet 'Flame', The Massive Spy Malware Infiltrating Iranian Computers

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2012/05/flame/

By Kim Zetter
Threat Level
Wired.com
May 28, 2012

A massive, highly sophisticated piece of malware has been newly found 
infecting systems in Iran and elsewhere and is believed to be part of a 
well-coordinated, ongoing, state-run cyberespionage operation.

The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, 
is an espionage toolkit that has been infecting targeted systems in 
Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other 
countries in the Middle East and North Africa for at least two years.

Dubbed "Flame" by Kaspersky, the malicious code dwarfs Stuxnet in size 
-- the groundbreaking infrastructure-sabotaging malware that is believed 
to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. 
Although Flame has both a different purpose and composition than 
Stuxnet, and appears to have been written by different programmers, its 
complexity, the geographic scope of its infections and its behavior 
indicate strongly that a nation-state is behind Flame, rather than 
common cyber-criminals -- marking it as yet another tool in the growing 
arsenal of cyberweaponry.

The researchers say that Flame may be part of a parallel project created 
by contractors who were hired by the same nation-state team that was 
behind Stuxnet and its sister malware, DuQu.

[...]

_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org