Kaspersky Lab continues to hunt for malware. On May 28, the company reported on its blog that it had discovered a new kind of virus that has spent about 5 years scanning and collecting confidential information from computers throughout the Middle East.
Flame source code snippet. Image from securelist.com
The virus was named “Flame” and is equipped with a large set of capabilities for stealing information. In addition to the main Trojan, it includes about 20 loadable modules that extend the functionality of the virus. Its arsenal includes recording conversations through a connected microphone, copying users' personal correspondence from instant messaging programs, and even taking screenshots directly from the monitor. At the same time, the program did not inflict any physical damage; its only purpose was to collect information.
Naturally, the “worm” was aimed mainly at private, commercial and government systems. However, the computers of ordinary users and municipal infrastructure were also infected.
According to Kaspersky Lab, the Flame virus is similar in its characteristics to the Duqu and Stuxnet Trojans, which were recently discovered in the Iranian nuclear program system. Among the attacked countries are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Experts see in this a conspiracy on a government scale, citing the complexity and extent of the infection. Kaspersky Lab is confident that independent hackers could not have developed a program of this level. Experts also note that several of the virus's control servers are currently active, but, according to Kaspersky Lab, it is not possible to determine which state is behind it.
The same story happened with Iran’s contaminated nuclear system in 2011, which set the country's development in this area back by a couple of years. The experts then reported on the elimination of the Duqu virus, but did not find those responsible for deploying it.
“The virus has been active for 5 years now,” said Roel Schouwenberg, a Kaspersky Lab expert. “If we were able to recognize it only now, then it is possible that Flame continues to operate through codes that we do not yet know.”