29 May 2012

Flamer/Skywiper Stuxnet- Newly Found Cyber-Weapon Discovered By Iran National CERT (MAHER)

Flamer/Skywiper Stuxnet- Newly Found Cyber-Weapon Discovered by Iran National CERT (MAHER)

After "Duqu" now The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). The name “Flamer” comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested anti viruses could detect any of the malicious components. Nevertheless, a detector was created by Maher center and delivered to selected organizations and companies in first days of May. 

Key Features of “Flamer” :-
  • Distribution via removable medias
  • Distribution through local networks
  • Network sniffing, detecting network resources and collecting lists of vulnerable passwords
  • Scanning the disk of infected system looking for specific extensions and contents
  • Creating series of user’s screen captures when some specific processes or windows are active
  • Using the infected system’s attached microphone to record the environment sounds
  • Transferring saved data to control servers
  • Using more than 10 domains as C&C servers
  • Establishment of secure connection with C&C servers through SSH and HTTPS protocols
  • Bypassing tens of known antiviruses, anti malware and other security software
  • Capable of infecting Windows Xp, Vista and 7 operating systems
  • Infecting large scale local networks

For additional information about "Flamer" click Here