Earlier this year, the Flame virus made headlines when it was discovered stealing sensitive information from servers across the Middle East. The malware was designed to infiltrate computer systems for espionage purposes and was capable of a wide range of functions, but what made it unique was its level of complexity. Security researchers said that, given its level of sophistication, the program was likely the work of state-sponsored programmers.
Researchers from security companies Kaspersky and Symantec have now uncovered new evidence that indicates the developers behind Flame may be responsible for three similar programs, with at least one still in operation. Although the remaining malware has yet to be identified, the complexity found within the Flame platform makes these programs a significant Internet security threat.
The discovery was made by analyzing the command-and-control (C&C) servers responsible for Flame. The developers took steps to disguise their C&C servers as mundane content management systems, but they made several coding mistakes that allowed security experts to gather a significant amount of data once the servers had been found. In addition to tracing development back to 2006, researchers discovered that one of the servers collected five gigabytes' worth of data from more than 5,000 machines each week.
Another important finding is the existence of a protocol that had not yet been implemented in any malicious program. Researchers speculated that this may indicate that the Flame platform is still in development.
Small-scale malware espionage
Although Flame was notable for both its functionality and reach, it isn't the only virus that has been created for espionage. The software black market has a variety of tools available to hackers, and certain combinations of those programs have been doing the job of Flame for years, as CSO columnist Brandon Gregg noted.
"Known as RATs, or remote access tools, these programs are as complex and extraordinary as Flame in their data stealing abilities," Gregg wrote. "Paid and free programs are available that can capture the users' screenshots and keystrokes, download files, view webcams, listen to laptop microphones, and offer other features that allow you full control on the user's system unbeknownst to them."
Another supposedly unique feature of Flame is the ability to infect Bluetooth devices and use them to track users. However, Gregg pointed out the existence of earlier software that could allow an attacker to listen in on smartphone calls and tap into a Bluetooth device's GPS system, suggesting that Flame's capabilities are not as new as many seem to think.
Security News from SimplySecurity.com by Trend Micro