‘Flame’ cyberespionage worm discovered on thousands of machines across Middle East


Flame trojan code

The UN’s International Telecommunications Union and Kaspersky Lab revealed today that they have discovered Flame, a new trojan rivaling Stuxnet. Codenamed “Worm.Win32.Flame,” the malware is still being researched and is described as “one of the most complex threats ever discovered.” It is believed to be active on thousands of computers in the Middle East, primarily in Iran and Israel, as well as on some machines in North Africa.

Researchers believe that the trojan’s primary function is cyberespionage: once Flame infects a computer, it is equipped to record audio from connected or built-in microphones, monitor nearby Bluetooth devices, take screenshots, and save data from documents and emails. All of this data, apparently stolen as part of a targeted attack, is constantly sent up to command and control servers.

Flame “has no major similarities with Stuxnet” or its malware family member Duqu, and is believed to have been created and controlled by a separate group. The newly discovered worm does share some aspects with Stuxnet and Duqu, however. Most disappointingly, Flame takes advantage of the same printer spooling hole and autorun.inf infection methods exploited by Stuxnet. According to Kaspersky Lab’s reports, Flame is believed to achieve its initial infection through users who fall victim to phishing attacks; once it has made it onto a computer, it can spread to other machines over local area networks or via USB flash drives. The bad news is that the worm has been confirmed to spread over local area networks to fully patched Windows 7 systems; the good news is that you shouldn’t have to worry about Flame breaking into your PC in its current form. As a cyberespionage tool, the trojan has been seen targeting some individuals, but also education and government organizations, mainly in the Middle East. Additionally, the research says that the worm surveys a system and then uninstalls itself from machines it decides are not interesting.

Why is Flame considered to be such a complex threat, then? Well, the malware itself can be as large as 20MB — about twenty times larger than Stuxnet. This size is part of what makes Flame unique. According to Kaspersky, most malware is kept as simple and small as possible, since that makes it easiest to hide the malicious code and get it onto unsuspecting machines. In this case, however, Flame’s size made it hard to detect because no one was looking for something that big. Part of the reason Flame is so large is that it has optional plug-ins that can be added after a machine is infected to go after specific data. Different machines carry different assortments of plug-ins; that 20MB maximum includes all 20 different plug-ins discovered so far. Unfortunately, that massive size is going to make it difficult for researchers to get their hands around Flame: Kaspersky says that since it took “several months” to understand Stuxnet’s 500KB of code, Flame is expected to require a year’s worth of effort.

 

theverge.com

How zombie LulzSec exposed privates’ love lives with PHP hack

A dating website for US soldiers was hacked and its database leaked after it blindly trusted user-submitted files, according to an analysis by security firm Imperva. The report highlights the danger of handling documents uploaded to web apps.

“LulzSec Reborn” hacktivists attacked MilitarySingles.com and disclosed sensitive information on more than 170,000 lonely-heart privates in March this year. The hackers uploaded a PHP file that posed as a harmless text document and then commandeered the web server to cough up the contents of its user database, hashed passwords included.
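The breach above came down to a server that trusted the name and declared type of whatever users uploaded. The following upload handler is an added example written for this digest, not code from the article, from Imperva, or from the site in question. It shows the checks such a handler needs: a strict extension allowlist, content sniffing of the actual bytes, a server-generated file name, and storage in a directory that is assumed to sit outside the web root and to be served only by a download script (the `$storeDir` path and the `document` form field are assumptions).

```php
<?php
// Added example (not from the article): a hardened upload handler.
// Assumption: $storeDir lives outside the web root and nothing in it is
// ever executed by the web server, so even a misclassified file is inert.

declare(strict_types=1);

/** Allowed extensions, each mapped to the MIME types its bytes must sniff as. */
const ALLOWED_TYPES = [
    'txt' => ['text/plain'],
    'pdf' => ['application/pdf'],
    'png' => ['image/png'],
    'jpg' => ['image/jpeg'],
];

const MAX_BYTES = 2 * 1024 * 1024; // 2 MiB; assumed policy limit

/**
 * Validate one $_FILES entry and move it into $storeDir under a random name.
 * Returns the stored name or throws. The client-supplied file name and the
 * client-supplied $file['type'] header are never trusted on their own.
 */
function validateUpload(array $file, string $storeDir): string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . $error);
    }
    // Reject anything that PHP itself did not receive as an upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Extension taken from the last dot only and checked against the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }

    // Sniff the real content type from the bytes, not from the client header.
    // A PHP script renamed to .txt sniffs as text/x-php and is rejected here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }

    // The server chooses the name: the uploader controls neither path nor extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage (assumed form field name "document" and assumed storage path):
// try {
//     $stored = validateUpload($_FILES['document'], '/var/app/uploads');
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     echo 'Rejected: ' . htmlspecialchars($e->getMessage());
// }
```

Content sniffing alone is not a complete defense, since a file can be crafted to satisfy more than one parser; the decisive control is that the stored file can never be executed, which is why the random name, the fixed extension, and the out-of-web-root directory matter more than the MIME check.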

Fake Angry Birds app makers fined £50k for shock cash suck

A firm that disguised Android malware as Angry Birds games has been fined £50,000 ($78,300) by UK premium-rate service regulator PhonepayPlus.

A1 Agregator posted mobile apps posing as smash-hit games, including Cut the Rope, on Android marketplaces and other outlets. Rather than offer free entertainment, the software silently sent out a text in order to receive a string of premium-rate messages, costing victims £5 per SMS. Users would have to uninstall the counterfeit apps from their phone to prevent further messages and charges.

Hackers Reveal the Price of iOS Jailbreaks at HITB 2012 Amsterdam

There have been a lot of interesting developments here at Hack in the Box in Amsterdam, and one of them is the first ever union of the jailbreak Dream Team. Today, Softpedia has had the chance to interview the members of the Chronic Dev Team and learn some things that many were probably curious about.

One of the topics we discussed referred to the financial value of jailbreaks. So how much is their work and the information they possess worth?

“This is hard to answer. I think it depends on who you sell your exploits to, if it’s for the underground or the legal scene,” Pod2g said.

Hacker Behind “Call of Duty” Trojan Sent to Prison for 1.5 Years

Many gamers may have noticed the Trojan-infected file being advertised as a patch for the popular Call of Duty game. As it turns out, the mastermind behind this scheme is a 20-year-old student from the UK who used the malware to collect credit card details from the affected computers.

Kent Online reports that Lewis Martin was apprehended by police while trying to steal computer equipment from colleges in Dover and Deal.

When investigators searched his house, they uncovered documents containing 300 credit card credentials, along with passwords. The details of a fraudulent bank loan were also found.

Prosecutors accused him of using the Trojan to collect credit card details, passwords and credentials to websites such as PayPal, which he sold on the underground markets for sums between $1 (.76 EUR) and $5 (4 EUR).

Now, he has been sentenced to serve 18 months in prison for fraud and burglary charges.

Social Engineering and Hacking Skills Put to the Test at HITB 2012 Amsterdam

As we’ve mentioned on previous occasions, this year’s Hack in the Box (HITB) security conference in Amsterdam will feature a lot of great speakers and challenges. One of these will be the “Social Engineering and CTF Challenge” created and run by Sogeti Nederland B.V.

“With #SSEC2012, Sogeti Nederland is very excited to bring a social engineering element into this year’s HITBSecConf. The human factor is often referred to as the weak link in infosecurity defenses,” revealed Martin Visser, a senior security specialist.

“This challenge is aimed not only to highlight the human risk factor, but also to demonstrate the ease with which it can be compromised. Knowing what the common pretext strategies used to defraud employees are is key in protecting organisations from social engineering attacks.”

The competitors’ skills will certainly be put to the test in a contest whose purpose is to raise awareness of attacks that target the weakest link in cybersecurity, the human factor.

Over the course of two days, participants will have to hack into wireless routers, social engineer the employees of high-profile Dutch companies, and solve a challenge in Sogeti’s CTF web app.