Flame (aka Flamer aka Skywiper) is a massive, complex piece of malware, used for information gathering and espionage.
The malware was most likely created by a western intelligence agency or military. It has infected computers in Iran, Lebanon, Syria, Sudan and elsewhere.
There seems to be a clear difference in how online espionage is done from China and how it's done from the west. Chinese actors prefer attacks targeted via spoofed emails with booby-trapped documents attached. Western actors seem to avoid email and instead use USB sticks or targeted break-ins to gain access.
Worst part of Flame? It has been spreading for years.
Stuxnet, Duqu and Flame are all examples of cases where we - the antivirus industry - have failed. All of these cases were spreading undetected for extended periods of time.
More information from:
- Budapest University of Technology and Economics's Laboratory of Cryptography and System Security (CrySyS)
- Securelist (Kaspersky)
- Iran National CERT (MAHER)
On 28/05/12 At 06:14 PM