17 October 2012
miniFlame
Once installed, MiniFlame operates as a backdoor and enables the malware operators to obtain any file from an infected machine, according to research from Kaspersky Lab.
The malware can also capture screenshots from infected PCs when people use a
- specified application,
- IM service, or
- FTP client, or
"Separately, at the request from MiniFlame's C&C operator, an additional data-stealing module can be sent to an infected system, which infects USB drives and uses them to store data that's collected from infected machines without an Internet connection," said Kaspersky Lab.
To recap the malware family tree: Flame was discovered in May 2012. It was initially dismissed by some security researchers as bloatware, in part because of the application's size--20 MB with all modules installed, versus an average of up to 1 MB for most other malware. But ongoing analysis of Flame yielded numerous surprises, including its designers having tapped world-class crypto to imbue the malware with the ability to spoof Windows Update and automatically install itself on targeted computers.
Relation to Flame and Gauss
"MiniFlame's ability to be used as a plug-in by either Flame or Gauss clearly connects the collaboration between the development teams of both Flame and Gauss," according to Kaspersky Lab's research. "Since the connection between Flame and Stuxnet/Duqu has already been revealed, it can be concluded that all these advanced threats come from the same 'cyber warfare' factory."
ref> http://www.informationweek.com/security/vulnerabilities/meet-flame-espionage-malware-cousin-mini/240009131