Kapersky Lab has recently uncovered new malware and called it “miniFlame”, because it linked directly to Flame. This piece of software, also known as SPE, was originally found by insecurity experts 4 months ago when they were analyzing the Flame virus – an application responsible for espionage attacks on the PCs running Windows in the Middle East. This July Kaspersky Lab recognized the Flame virus as the most sophisticated malware yet discovered. However, today’s discovery proves that the scale of the operation appears larger than anyone could imagine.
According to the security experts’ findings, miniFlame shares the same architecture with Flame, but can also operate by itself as a malicious program or as a plug-in for Flame and Gauss. The malware is used as a cyber espionage instrument, working as a backdoor for information theft, which allows the intruders to access the infected machine.
However, the number of machines infected by miniFlame is no more than sixty at the moment, and Kaspersky Lab believes that all of them were already infected with the Flame virus, which has simply formed another wave of an espionage attack to steal data. Security experts found out that miniFlame was first designed in 2010, with further editions being created in 2011 and 2012. At the moment, 6 versions of the malware are still considered active. Perhaps, its creators have started to develop it as far back as 2007.
The experts believe that it works the following way: first, Flame or Gauss infect as many machines as they can in order to steal tons of data. After the information is reviewed by the hackers, they define a certain victim and infect it with miniFlame for more in-depth cyber-espionage. The process might involve taking screenshots of the affected machines or using a controlled USB drive to store information gathered from infected computers offline.
As you can see, the structure of miniFlame revealed the cooperation between the developers of Flame malware and another virus – Gauss, because miniFlame is able to work with both applications. Moreover, some insecurity experts suggest that since the links were already established between Flame and Stuxnet applications, they all might have originated from the same source. They were also linked with the government of the United States, with Stuxnet being responsible for attacks on Iranian infrastructure and nuclear facilities.
According to the security experts’ findings, miniFlame shares the same architecture with Flame, but can also operate by itself as a malicious program or as a plug-in for Flame and Gauss. The malware is used as a cyber espionage instrument, working as a backdoor for information theft, which allows the intruders to access the infected machine.
However, the number of machines infected by miniFlame is no more than sixty at the moment, and Kaspersky Lab believes that all of them were already infected with the Flame virus, which has simply formed another wave of an espionage attack to steal data. Security experts found out that miniFlame was first designed in 2010, with further editions being created in 2011 and 2012. At the moment, 6 versions of the malware are still considered active. Perhaps, its creators have started to develop it as far back as 2007.
The experts believe that it works the following way: first, Flame or Gauss infect as many machines as they can in order to steal tons of data. After the information is reviewed by the hackers, they define a certain victim and infect it with miniFlame for more in-depth cyber-espionage. The process might involve taking screenshots of the affected machines or using a controlled USB drive to store information gathered from infected computers offline.
As you can see, the structure of miniFlame revealed the cooperation between the developers of Flame malware and another virus – Gauss, because miniFlame is able to work with both applications. Moreover, some insecurity experts suggest that since the links were already established between Flame and Stuxnet applications, they all might have originated from the same source. They were also linked with the government of the United States, with Stuxnet being responsible for attacks on Iranian infrastructure and nuclear facilities.
No comments:
Post a Comment