https://community.element14.com/learn/publications/w/documents/10053/flame-malware-good-luck-antivirusen-USTelligent Community 12https://community.element14.com/learn/publications/w/documents/10053/flame-malware-good-luck-antivirusFri, 08 Oct 2021 04:56:19 GMT93d5dcb4-84c2-446f-b2cb-99731719e767:a31c5194-5441-43b9-adfc-cd1e77f75b3dDebuggerGuyshttps://community.element14.com/learn/publications/w/documents/10053/flame-malware-good-luck-antivirus#commentsCurrent Revision posted to Documents by DebuggerGuys on 10/8/2021 4:56:19 AM<br /> <p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">Today&#39;s conventional software to protect PCs and assure they are out of viruses&#39; reach, might be getting outmoded given the discovery made a couple of weeks ago in Middle Eastern countries Iran, Rusia and Hungary.</span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">The famous discovery&#39;s name is <a class="jive-link-external-small" href="http://en.wikipedia.org/wiki/Flame_(malware)" rel="nofollow ugc noopener" target="_blank">Flame</a>, it is a powerful malware that has been operating for at least two years on <span style="text-align:-webkit-auto;">targeted cyber espionage</span>, and was quickly declared by Hungary&#39;s <a class="jive-link-external-small" href="http://www.crysys.hu/" rel="nofollow ugc noopener" target="_blank">CrySys Lab</a> as <span style="text-align:-webkit-auto;">&quot;the most complex malware ever found.&quot; </span></span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">But what is that makes Flame so deathly for computers and a failure for the antivirus industry?</span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">The malware can spread to other systems over LAN or via USB, it copies documents and records audio, keystrokes, network traffic, and even Skype calls, and takes screenshots from infected computers. That information is passed along to one of several command-and-control servers operated by its creators, then it<span style="color:#000000;text-align:-webkit-auto;"> awaits further instructions from these servers. </span>In all that time, no security software raises the alarm.</span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">Threats are detected by comparing the code of software programs and their activity against a database of &quot;signatures&quot; for known malware. Security companies such as F-Secure and McAfee constantly research reports of new malware and update their lists of signatures accordingly. The result is supposed to be an impenetrable wall that keeps the bad guys out.<span style="text-align:center;"> </span></span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">However, in recent years, high-profile attacks on not just the Iranian government but also the U.S. government have taken place using software that, like Flame, was able to waltz straight past signature-based software. Many technically sophisticated U.S. companies—including Google and the computer security firm <a class="jive-link-external-small" href="http://www.rsa.com/go/gpage.aspx?id=44&amp;activity_id=12503&amp;division=rsa&amp;gclid=CMaTjJHmzrACFQjf4AodmkqHVg" rel="nofollow ugc noopener" target="_blank">RSA</a>—have been targeted in similar ways, with less expensive malware though, for their corporate secrets. Smaller companies are also routinely compromised, experts say.</span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><span style="font-family:&#39;trebuchet ms&#39;, geneva;font-size:12pt;">Antivirus companies have been quick to point out that Flame is no ordinary computer virus. It came from the well-resourced world of international espionage. But such cyberweapons cause collateral damage (the <a class="jive-link-external-small" href="http://en.wikipedia.org/wiki/Stuxnet" rel="nofollow ugc noopener" target="_blank">Stuxnet worm</a> targeted at the Iranian nuclear program actually infected an estimated 100,000 computers), and features of their designs are being adopted by criminals and less-resourced groups.</span></p><p style="margin:0;margin:0 0 15px;font-size:1.3em;font-family:Helvetica, Arial, sans-serif;text-align:-webkit-auto;"><a href="http://data.whicdn.com/images/12811100/screen_large.jpg"><img alt="Screen_large" class="jiveImage" src="http://data.whicdn.com/images/12811100/screen_large.jpg" /></a></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: rsa, antivirus, virus, spionage, malware, flame, error</div>