Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat
WOBURN, MA - May 29, 2012 - Kaspersky
Lab announces the discovery of a highly sophisticated malicious program that is
actively being used as a cyber weapon attacking entities in several countries.
The complexity and functionality of the newly discovered malicious program exceed
those of all other cyber menaces known to date.
was discovered by Kaspersky Lab’s experts during an investigation prompted by the
International Telecommunication Union (ITU). The malicious program,
detected as Worm.Win32.Flame by
Kaspersky Lab’s security products, is designed to carry out cyber espionage. It
can steal valuable information, including but not limited to computer display
contents, information about targeted systems, stored files, contact data and
even audio conversations.
independent research was initiated by ITU and Kaspersky Lab after a series of incidents
with another, still unknown, destructive malware program – codenamed Wiper – which deleted data on a number
of computers in the Western Asia region. This particular malware is yet to be
discovered, but during the analysis of these incidents, Kaspersky Lab’s experts,
in coordination with ITU, came across a new type of malware, now known as Flame. Preliminary findings indicate
that this malware has been “in the wild” for more than two years - since March
2010. Due to its extreme complexity, plus the targeted nature of the attacks, no
security software detected it.
the features of Flame differ compared with those of previous notable cyber weapons
such as Duqu and Stuxnet, the geography of attacks, use of specific software
vulnerabilities, and the fact that only selected computers are being targeted all
indicate that Flame belongs to the same category of super-cyberweapons.
uncovering Flame, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said: “The
risk of cyber warfare has been one of the most serious topics in the field of
information security for several years now. Stuxnet and Duqu belonged to a single
chain of attacks, which raised cyberwar-related concerns worldwide. The Flame malware
looks to be another phase in this war, and it’s important to understand that
such cyber weapons can easily be used against any country. Unlike with conventional
warfare, the more developed countries are actually the most vulnerable in this
purpose of Flame appears to be cyber espionage, by stealing information from
infected machines. Such information is then sent to a network of command-and-control
servers located in many different parts of the world. The diverse nature of the
stolen information, which can include documents, screenshots, audio recordings
and interception of network traffic, makes it one of the most advanced and
complete attack-toolkits ever discovered. The exact infection vector has still to
be revealed, but it is already clear that Flame has the ability to replicate
over a local network using several methods, including the same printer
vulnerability and USB infection method exploited by Stuxnet.
Gostev, Chief Security Expert at Kaspersky Lab, commented: “The preliminary
findings of the research, conducted upon an urgent request from ITU, confirm
the highly targeted nature of this malicious program. One of the most alarming
facts is that the Flame cyber-attack campaign is currently in its active phase,
and its operator is consistently surveilling infected systems, collecting
information and targeting new systems to accomplish its unknown goals.”
Lab’s experts are currently conducting deeper analysis of Flame. Over the
coming days a series of blog posts will reveal more details of the new threat
as they become known. For now what is known is that it consists of multiple
modules and is made up of several megabytes of executable code in total - making
it around 20 times larger than Stuxnet, meaning that analysing this cyber
weapon requires a large team of top-tier security experts and reverse engineers
with vast experience in the cyber defence field.
use the ITU-IMPACT network, consisting of 142 countries and several industry
players, including Kaspersky Lab, to alert governments and the technical
community about this cyber threat, and to expedite the technical analysis.
details can be found in the Flame FAQ prepared by Kaspersky Lab’s security
researchers at Securelist.com.
About Kaspersky Lab
Kaspersky Lab is the world's largest privately-held Internet Security company,
providing comprehensive protection against all forms of IT threats such as
viruses, spyware, hackers and spam. The company's products provide in-depth
computer defense for more than 400 million systems around the globe, including
home and mobile users, small and medium sized businesses and large
enterprises. Kaspersky technology is also incorporated inside the products
and services of nearly 100 of industry leading IT, networking, communications
and applications solution vendors.