Coders Behind the Flame Malware Left Incriminating Clues on Control Servers

17 Sep 2012

By: Kim Zetter, WIRED

The attackers behind the nation-state espionage tool known as Flame accidentally left behind tantalizing clues that provide information about their identities and that suggest the attack began earlier and was more widespread than previously believed.

Researchers have also uncovered evidence that the attackers may have produced at least three other pieces of malware or variants of Flame that are still undiscovered.

The information comes from clues, including four programmers’ nicknames, that the attackers inadvertently left behind on two command-and-control servers they used to communicate with infected machines and steal gigabytes of data from them. The new details about the operation were left behind despite obvious efforts the attackers made to wipe the servers of forensic evidence, according to reports released Monday by researchers from Symantec in the U.S. and from Kaspersky Lab in Russia.