1. Of late, there has been much talk about the FLAME virus in the IT Sec community. Here are a few clean shots about FLAME in a crisp, point-wise format:
- Flame was first detected back in 2010 by Kaspersky Labs, completely by accident.
- Flame is terribly complex for a piece of malware: 20 times bigger than Stuxnet.
- It's about a 20MB package and is still being analyzed.
- The Stuxnet attack that damaged Iranian nuclear facilities last year is barebones by comparison.
- Kaspersky assumes it was built by government scientists, but no one knows which government.
- Flame gathers a huge amount of data from infected systems, but it has been hard to sort out where it is all going.
- Dozens of control servers have been located, but the domains associated with them are registered with fake identities.
- Flame steals hard drive contents, screenshots, and keystrokes.
- It can also use the system microphone and Bluetooth radio to suck in more data.
- To save on bandwidth, Flame may delete itself from systems that have been fully exploited. This is part of what made the infection hard to detect.
- It has incredible abilities to monitor inboxes, take screen grabs, and even record audio of conversations happening near the computer.
- The entire virus had been pieced together like a LEGO creation, one part building on another. Things could actually be added onto the spyware after it was already on an infected computer, giving the developer enormous freedom to tinker at will.
- One specific example is a Bluetooth module, which allowed the spyware to be spread to other devices.
- The two most popular infection routes are an e-mail with an attachment, and a web-based or drive-by download that gets you to a malware website.
- Another favourite way to get you is through social media websites. Attackers are so savvy that they now troll your "friends" list and generate an e-mail that looks like it's coming from you, so what friend wouldn't click on it, right?
- Microsoft has revealed that the virus gained a foothold by spoofing one of its own security certificates.
- The computer virus is on the loose in Iran and other parts of the Middle East, infecting PCs and stealing sensitive data.
- Flame is basically a backdoor and a Trojan with worm-like features.
- Consider this: it took several months to analyze the 500K code of Stuxnet. It will probably take a year to fully understand the 20MB of code of Flame.