Coders Behind the Flame Malware Left Incriminating Clues on Control Servers
By: Kim Zetter, WIRED

The attackers behind the nation-state espionage tool known as Flame
accidentally left behind tantalizing clues that provide information
about their identities and that suggest the attack began earlier and was
more widespread than previously believed.

Researchers have also uncovered evidence that the attackers may have
produced at least three other pieces of malware or variants of Flame
that are still undiscovered.

The information comes from clues, including four programmers’
nicknames, that the attackers inadvertently left behind on two
command-and-control servers they used to communicate with infected
machines and steal gigabytes of data from them. The new details about
the operation were left behind despite obvious efforts the attackers
made to wipe the servers of forensic evidence, according to reports
released Monday by researchers from Symantec in the U.S. and from Kaspersky Lab in Russia.