By Madison Ruppert: A new piece of malware dubbed “MiniFlame” – hinting at the software’s relation to the Flame virus which attacked computer systems in the Middle East – has been uncovered by Kaspersky Lab.
The development of MiniFlame coincided with that of Flame and unlike other malware, MiniFlame actually “allows the operator direct access to the infected system,” according to Kaspersky.
Writing for CNET, Lance Whitney characterizes MiniFlame as “a cyber espionage program that can take over where Flame leaves off.”
“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information,” Kaspersky explains. “After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.”
This seems to be similar to how Duqu and Stuxnet might have been utilized in concert to make targets increasingly vulnerable to attacks.
Kaspersky states that another name for SPE – which they first discovered back in July – other than MiniFlame, is “John.”
While at first they thought MiniFlame was just an earlier version of Flame, upon deeper research last month they discovered that MiniFlame is actually a separate strain of malware built to take advantage of computers infected by Flame and Gauss.
“Gauss used a modular structure resembling that of Flame, a similar code base and system for communicating with command-and-control (C&C) servers, as well as numerous other similarities to Flame,” according to Kaspersky researchers.
MiniFlame is far from simple, according to Kaspersky, seeing as developers likely began work as far back as 2007 and continued working until the end of 2011.
So far six variants of MiniFlame have already been uncovered and chances are more will be found in the near future.
Kaspersky said that the infection rate is relatively low compared to Flame and Gauss with only 50-60 computers worldwide thought to be infected with MiniFlame.
While this might seem great at first, Whitney points out, “But these types of attacks are less focused on quantity and more on hitting specific targets.”
“MiniFlame is a high precision attack tool. Most likely it is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack,” said Kaspersky Lab Chief Security Expert Alexander Gostev in a statement.
“The discovery of miniFlame also gives us additional evidence of the cooperation between the creators of the most notable malicious programs used for cyber warfare operations: Stuxnet, Duqu, Flame, and Gauss,” Gostev added.
Whitney rightly points out that these related strains of malware popping up in high concentrations in the Middle East “are seen as a sign of continued cyberwarfare against Middle East countries. In particular, many analysts believe many of these strains gathered intelligence in Iran and may have been used to sabotage its nuclear-weapons program.”
“With Flame, Gauss, and miniFlame, we have probably only scratched [the] surface of the massive cyber-spy operations ongoing in the Middle East,” wrote a researcher with Kaspersky Lab. “Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown.”
What is clear, however, is that there is, in fact, a concerted, state-sponsored cyberwarfare effort targeting Middle Eastern nations. Who exactly is behind it can be debated but all indications are that it is the United States and Israel based on the origins of Stuxnet and the related families of malware.
The development of MiniFlame coincided with that of Flame and unlike other malware, MiniFlame actually “allows the operator direct access to the infected system,” according to Kaspersky.
Writing for CNET, Lance Whitney characterizes MiniFlame as “a cyber espionage program that can take over where Flame leaves off.”
“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information,” Kaspersky explains. “After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.”
This seems to be similar to how Duqu and Stuxnet might have been utilized in concert to make targets increasingly vulnerable to attacks.
Kaspersky states that another name for SPE – which they first discovered back in July – other than MiniFlame, is “John.”
While at first they thought MiniFlame was just an earlier version of Flame, upon deeper research last month they discovered that MiniFlame is actually a separate strain of malware built to take advantage of computers infected by Flame and Gauss.
“Gauss used a modular structure resembling that of Flame, a similar code base and system for communicating with command-and-control (C&C) servers, as well as numerous other similarities to Flame,” according to Kaspersky researchers.
MiniFlame is far from simple, according to Kaspersky, seeing as developers likely began work as far back as 2007 and continued working until the end of 2011.
So far six variants of MiniFlame have already been uncovered and chances are more will be found in the near future.
Kaspersky said that the infection rate is relatively low compared to Flame and Gauss with only 50-60 computers worldwide thought to be infected with MiniFlame.
While this might seem great at first, Whitney points out, “But these types of attacks are less focused on quantity and more on hitting specific targets.”
“MiniFlame is a high precision attack tool. Most likely it is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack,” said Kaspersky Lab Chief Security Expert Alexander Gostev in a statement.
“The discovery of miniFlame also gives us additional evidence of the cooperation between the creators of the most notable malicious programs used for cyber warfare operations: Stuxnet, Duqu, Flame, and Gauss,” Gostev added.
Whitney rightly points out that these related strains of malware popping up in high concentrations in the Middle East “are seen as a sign of continued cyberwarfare against Middle East countries. In particular, many analysts believe many of these strains gathered intelligence in Iran and may have been used to sabotage its nuclear-weapons program.”
“With Flame, Gauss, and miniFlame, we have probably only scratched [the] surface of the massive cyber-spy operations ongoing in the Middle East,” wrote a researcher with Kaspersky Lab. “Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown.”
What is clear, however, is that there is, in fact, a concerted, state-sponsored cyberwarfare effort targeting Middle Eastern nations. Who exactly is behind it can be debated but all indications are that it is the United States and Israel based on the origins of Stuxnet and the related families of malware.
No comments:
Post a Comment