Flamer: A New And Scary Malware Threat
There seems to be a new malware threat making the rounds in the Middle East. Called Flamer, it’s not your average piece of malware, according to Symantec:
The complexity of the code within this threat is at par with that seen in Stuxnet and Duqu, arguably the two most complex pieces of malware we have analyzed to date. As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry.
While our analysis is currently ongoing, the primary functionality is to obtain information and data. Initial telemetry indicates that the targets of this threat are located primarily in Eastern Europe and the Middle East. The industry sectors or affiliations of the individuals targeted are currently unclear. However, initial evidence indicates that the victims may not all be targeted for the same reason. Many appear to be targeted for individual personal activities rather than the company they are employed by. Symantec detects this threat as W32.Flamer.
Lovely. Keep in mind that it may be in the Middle East today, but it will be elsewhere tomorrow. So what does this malware do? Here’s a description:
The overall functionality includes the ability to steal documents, take screenshots of users’ desktops, spread through removable drives, and disable security products. Additionally, under certain conditions, the threat may also have the ability to leverage multiple known and patched vulnerabilities in Microsoft Windows in order to spread across a network.
The take-home message? Make sure your security software is up to date and make sure that your computer is fully patched.
May 29, 2012 at 8:32 am
Hey guys,
Just wanted to let you know that Bitdefender released a tool to find and remove this complex spy tool.
To determine whether your computer is infected with Flamer, download the Bitdefender removal tool from: http://labs.bitdefender.com/2012/05/cyber-espionage-reaches-new-levels-with-flamer/