Give it time to filter down the foodchain and over-the-phone card payments could be a thing of the past.

Kaspersky is on top of their game. I recently ran 10 similar free and paid applications including all of the major brands, on an up to date computer, and the only one to spot a Sinowal-B virus was Kaspersky. I knew the computer was infected but knowing and cleaning are two very different monsters.

If flame is more complex than Sinowal... yikes.

great... more state sponsored bad stuff.


If the virus is really bad why even bother cleaning? better safe then sorry, get data, zero fill drive.

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.

Reason #1 why i've had my embedded mic disabled and tape over the embedded camera on the laptop for years now.

Maybe in the 90's this would of been known as paranoia....but with modern day technology, people should of known this was already possible...even if you do have 5 different types of anti-virus / malware protection on...

Sgt, I would be surprised if malware bytes are not already aware of this virus.

Sgt, I would be surprised if malware bytes are not already aware of this virus.

Malware bytes did not detect Sinowal-B because Sinowal-B is a rootkit. It opens up access which a real person later uses to set up some traps on your computer in key places. A convincing but fake ebay credit card check AFTER you log into ebay for example, not the traditional keylogger that is open to being scanned. If you don't have a rootkit checking tool in your arsenal, I highly recommend Kaspersky.

Hey guys,


Just wanted to let you know that Bitdefender released a tool to find and remove this complex spy tool.

To determine whether your computer is infected with Flamer, download the Bitdefender removal tool from:

[labs.bitdefender.com...]

No offense amvlad but your only post is the one above this one and I don't know bitdefender well so don't take offense for my asking others... is that link legit?

bitdefender is a well-known cyber security research company and has been mentioned several times on WebmasterWorld.
site:webmasterworld.com bitdefender:
http://www.google.com/search?q=site%3Awebmasterworld.com%20bitdefender [google.com]

Is that what bitdefender is? I know it only as an unwanted Romanian robot. Huh.

i can't comment on the persistence of their bot but they are located in RO and where else would you rather be for cyber security research?
=8)

Very interesting read.

Basically, every time you try to detect and remove Flame and Stuxnet, you are personally helping the Iranian government get a nuclear bomb.

These are not 'malware' in the traditional sense but cyber warfare battles occurring under cover.

Stuxnet, Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered.

And since President Obama's admin admitted he was directly responsible for these cyber attacks, I guess no one will dare criticize him.

[csmonitor.com...]

"Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet"
[m.wired.com...]

[nytimes.com ]

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy...

Highly recommended reading.

I found this interesting to read. Now it has been discovered, it's trying to wipe itself from the systems.

Flame malware makers send 'suicide' code [bbc.co.uk]

The creators of the Flame malware have sent a "suicide" command that removes it from some infected computers.

Two stories related to the above...

In trying to sort out my own Symantec issues this morning, I came across a story on Mashable that expands on the BBC Flame story....

Did the World’s Nastiest Virus Try to Self-Destruct?
[mashable.com...]

The self-destruct command was a file called "browse32.ocx." When the file is run on an infected computer, it automatically locates every bit of Flame's code, removes it, and writes random data over the original code. That process is designed to prevent anybody from studying Flame using a computer that's been infected but has received the self-destruct code.... One could... call it the 'uninstaller.'"

The NY Times Stuxnet story is very much related to Flame (which is now being described as an extremely sophisticated scout program, to lay the groundwork for future Stuxnet-like attacks). From earlier this week... a 47-min Fresh Air interview with David Sanger, the author of the NY Times story. The interview is absolutely gripping...

'Obama's Secret Wars' Against America's Threats
Fresh Air
June 4, 2012
[npr.org...]

Sanger explains that [US and Israeli officials] initially sent a bit of computer code called a beacon into Natanz to map the plant's electronic infrastructure.... "And from the data that they gathered there, the U.S. and the Israelis designed a computer worm that would replicate within the system".... (To test the worm, U.S. officials) built a full-scale replica of the Natanz plant on the grounds of the Department of Energy's national laboratories.

Flame is apparently the next generation of Stuxnet's beacon.

Transcript of the interview here... [npr.org...]