
Webmaster General Forum

    
Warnings Raised Over 'Flame' Data Collection Malware
engine




msg:4458693
 5:59 pm on May 28, 2012 (gmt 0)

Warnings Raised Over 'Flame' Data Collection Malware [bbc.co.uk]
A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as "one of the most complex threats ever discovered".

 

bordering




msg:4458697
 6:14 pm on May 28, 2012 (gmt 0)

Give it time to filter down the foodchain and over-the-phone card payments could be a thing of the past.

Sgt_Kickaxe




msg:4458775
 10:45 pm on May 28, 2012 (gmt 0)

Kaspersky is on top of their game. I recently ran 10 similar free and paid applications including all of the major brands, on an up to date computer, and the only one to spot a Sinowal-B virus was Kaspersky. I knew the computer was infected but knowing and cleaning are two very different monsters.

If Flame is more complex than Sinowal... yikes.

J_RaD




msg:4458803
 12:25 am on May 29, 2012 (gmt 0)

great... more state sponsored bad stuff.


If the virus is really bad why even bother cleaning? Better safe than sorry, get data, zero fill drive.

mike2010




msg:4458826
 3:06 am on May 29, 2012 (gmt 0)

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.


Reason #1 why I've had my embedded mic disabled and tape over the embedded camera on the laptop for years now.

Maybe in the 90's this would have been known as paranoia....but with modern day technology, people should have known this was already possible...even if you do have 5 different types of anti-virus / malware protection on...

Seb7




msg:4458844
 3:49 am on May 29, 2012 (gmt 0)

Sgt, I would be surprised if Malwarebytes is not already aware of this virus.

Sgt_Kickaxe




msg:4458847
 4:01 am on May 29, 2012 (gmt 0)

Sgt, I would be surprised if Malwarebytes is not already aware of this virus.

Malwarebytes did not detect Sinowal-B because Sinowal-B is a rootkit. It opens up access which a real person later uses to set up some traps on your computer in key places. A convincing but fake eBay credit card check AFTER you log into eBay for example, not the traditional keylogger that is open to being scanned. If you don't have a rootkit checking tool in your arsenal, I highly recommend Kaspersky.

amvlad




msg:4459010
 1:43 pm on May 29, 2012 (gmt 0)

Hey guys,


Just wanted to let you know that Bitdefender released a tool to find and remove this complex spy tool.

To determine whether your computer is infected with Flamer, download the Bitdefender removal tool from:

[labs.bitdefender.com...]

Sgt_Kickaxe




msg:4459779
 7:51 am on May 31, 2012 (gmt 0)

No offense, amvlad, but your only post is the one above this one and I don't know Bitdefender well, so don't take offense for my asking others... is that link legit?

phranque




msg:4459812
 9:31 am on May 31, 2012 (gmt 0)

Bitdefender is a well-known cyber security research company and has been mentioned several times on WebmasterWorld.
site:webmasterworld.com bitdefender:
http://www.google.com/search?q=site%3Awebmasterworld.com%20bitdefender [google.com]

lucy24




msg:4459814
 9:34 am on May 31, 2012 (gmt 0)

Is that what Bitdefender is? I know it only as an unwanted Romanian robot. Huh.

phranque




msg:4460611
 10:09 pm on Jun 1, 2012 (gmt 0)

I can't comment on the persistence of their bot, but they are located in RO, and where else would you rather be for cyber security research?
=8)

frontpage




msg:4460945
 3:13 pm on Jun 3, 2012 (gmt 0)

Very interesting read.

Basically, every time you try to detect and remove Flame and Stuxnet, you are personally helping the Iranian government get a nuclear bomb.

These are not 'malware' in the traditional sense but cyber warfare battles occurring under cover.

Stuxnet, Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered.


And since President Obama's admin admitted he was directly responsible for these cyber attacks, I guess no one will dare criticize him.

[csmonitor.com...]

"Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet"
[m.wired.com...]

Seb7




msg:4461607
 1:16 pm on Jun 5, 2012 (gmt 0)

[nytimes.com]
Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy...

Highly recommended reading.

engine




msg:4463030
 5:18 pm on Jun 8, 2012 (gmt 0)

I found this interesting to read. Now it has been discovered, it's trying to wipe itself from the systems.

Flame malware makers send 'suicide' code [bbc.co.uk]
The creators of the Flame malware have sent a "suicide" command that removes it from some infected computers.


Robert Charlton




msg:4463129
 9:04 pm on Jun 8, 2012 (gmt 0)

Two stories related to the above...

In trying to sort out my own Symantec issues this morning, I came across a story on Mashable that expands on the BBC Flame story....

Did the World’s Nastiest Virus Try to Self-Destruct?
[mashable.com...]

The self-destruct command was a file called "browse32.ocx." When the file is run on an infected computer, it automatically locates every bit of Flame's code, removes it, and writes random data over the original code. That process is designed to prevent anybody from studying Flame using a computer that's been infected but has received the self-destruct code.... One could... call it the 'uninstaller.'"

The NY Times Stuxnet story is very much related to Flame (which is now being described as an extremely sophisticated scout program, to lay the groundwork for future Stuxnet-like attacks). From earlier this week... a 47-min Fresh Air interview with David Sanger, the author of the NY Times story. The interview is absolutely gripping...

'Obama's Secret Wars' Against America's Threats
Fresh Air
June 4, 2012

[npr.org...]

Sanger explains that [US and Israeli officials] initially sent a bit of computer code called a beacon into Natanz to map the plant's electronic infrastructure.... "And from the data that they gathered there, the U.S. and the Israelis designed a computer worm that would replicate within the system".... (To test the worm, U.S. officials) built a full-scale replica of the Natanz plant on the grounds of the Department of Energy's national laboratories.

Flame is apparently the next generation of Stuxnet's beacon.

Transcript of the interview here... [npr.org...]

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved