Remarkable Cyber-Spy espionage malware discovered that appears to target Middle East countries

// October 15th, 2012 // Hacking and Security


Kaspersky Lab has identified another piece of cyber-espionage malware that appears to belong to the same family as Stuxnet, Duqu, Flame, and Gauss, all of which targeted Middle Eastern countries. They dubbed the new module “miniFlame” (Kaspersky also refers to it as SPE) because it plugs into both Flame and Gauss. The module serves as a backdoor, giving the attackers direct remote control of an infected machine.

“Flame and Gauss are mostly about data and information stealing. MiniFlame serves as a backdoor which gives the operator direct access to an infected machine. So yes, the functionality and intent is different. If Flame and Gauss were massive spy operations, infecting thousands of users, SPE/miniFlame is a high precision espionage tool.”

They noted that miniFlame appears to function as a module for both Flame and Gauss, and they believe it was part of an espionage operation that was carried out in several waves.

“First wave: infect as many potentially interesting victims as possible. Secondly, data is collected from the victims, allowing the attackers to profile them and find the most interesting targets. Finally, for these ‘select’ targets, a specialized spy tool such as SPE/miniFlame is deployed to conduct surveillance/monitoring.”

They believe that miniFlame is downloaded and installed automatically by Flame and/or Gauss. Kaspersky describes the module’s capabilities as follows:

“MiniFlame is capable of downloading files from a command and control (C&C) server, uploading a file from the machine to the server, loading a specified DLL file, creating a process with given parameters, or taking screen shots of the active window if it belongs to a program from a list. The list of programs targeted by the screen shot functionality includes instant messaging applications, browsers, document editors, development tools and others. A special version of miniFlame, which is installed on a case-by-case basis, is capable of infecting USB drives with a component that collects information from computers in which the drive is subsequently inserted.”

They have found evidence of miniFlame infections in Lebanon, Palestine, Iran, Saudi Arabia, and Qatar. The command-and-control servers contacted by the malware were located in the United States, France, and Lithuania, although Kaspersky cautions that some of the IP addresses they observed may be proxy servers rather than the operators’ real infrastructure.

“With Flame, Gauss and miniFlame, we have probably only scratched the surface of the massive cyber-spy operations ongoing in the Middle East.”

Sources: Kaspersky Lab, ComputerWorld, CNN
