Flame cyber-attack virus attempts to commit cyber-suicide
Mon 11 Jun, 2012 // Briony Williams
There has been a new and intriguing twist to the story of the “Flame” virus. Last month saw the discovery of “Flame”, a highly sophisticated virus that appears to target PCs in the Middle East, stealing data and sending it back to command-and-control servers owned by the attackers. This week, it appears that the makers of the Flame software have been sending instructions designed to make it uninstall itself from infected computers: in short, to make it commit cyber-suicide.
Flame targeted countries such as Iran, Israel and Palestine, seeking to steal sensitive data. Security researchers from Kaspersky Lab suggest that it was designed to steal technical drawings from Iran showing the design of electrical and mechanical equipment. Flame was discovered in late May, and the complexity of its design and its use of cryptography have led some researchers to suspect that it may have been produced with the backing of a nation-state – although no such state has yet been named. The Flame malware has now stopped operating, and commercial antivirus software now includes the necessary data to scan for a Flame infection.
In a more recent development, security researchers analysing Flame’s source code have discovered similarities with part of the code of the earlier Stuxnet virus, which specifically targeted components at an Iranian nuclear processing facility. This suggests that the teams working on each virus were in contact on at least one occasion, and able to share source code, at an early stage in the development of each virus. Researchers believe that the two teams were essentially separate, but had a minor level of co-operation.
The latest development in the story of the Flame virus is the discovery of new commands sent by the attackers to infected computers. These commands cause the Flame software to uninstall itself, leaving behind no trace of the infection, and overwriting memory locations with random data in order to make it harder for forensic examiners to detect that there ever was a Flame infection. Because some of the Flame command-and-control servers have been taken over by security researchers, it has been possible for them to observe this flow of “cyber-suicide” commands, which appear designed to foil attempts to analyse the virus and its command network.
Whoever may be behind the Flame virus, it is clear that it has heralded a new phase in the ongoing development of cyber-warfare attacks.