Malware and artificial life have become important weapons in cyber warfare. In the past we have seen how Stuxnet and Duqu silently caused damage to their assigned targets. Where Stuxnet mounted a fatal attack and caused heavy damage to Iran's nuclear program (SCADA vulnerability exploitation), Duqu became a mystery over the programming language it was coded in. In recent news, security researchers from Kaspersky Lab have identified a new malware. The malware is said to be 20 times the size of Stuxnet. The new virus is the largest and possibly most complex piece of malware ever discovered, which suggests it is state-sponsored. It is loaded with functions, but so far none appear to be destructive, the researcher said. The malware is targeting sensitive information across the Middle East.
Once deployed, Flame can sniff network traffic, take screenshots, record audio conversations, intercept keyboard input, and more. All of this data is then available via Flame’s command-and-control servers. Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5). The malware may have been active for as long as five to eight years. It uses five encryption methods, three compression techniques and at least five file formats. Like Stuxnet, Flame spreads among computers that share a printer on one network by exploiting a particular Windows vulnerability. Flame contains 20 MB of code and is programmed in Lua, a scripting language that can very easily be extended and interfaced with C code. Many parts of Flame have high-order logic written in Lua, with effective attack subroutines and libraries compiled from C++, according to the researcher. The malware is well suited to the job for which it was tailored. Stay tuned as we keep an eye on the issue.
