Flamer: highly sophisticated and discreet threat targets the Middle East

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Flamer: highly sophisticated and discreet threat targets the Middle East
Botnet Flamer
Malware Flame_(bot)
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2012 /
Editor/Conference Symantec
Link http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east (Archive copy)


Over the past few days, we have been analyzing a potential new threat that has been operating discreetly for at least two years. We were contacted about this threat by Crysys who have released their own analysis. (The threat is referred to by CrySys as 'Skywiper'). There are indications that W32.Flamer is also the same threat as described recently by the Iranian national cert. Our analysis of the retrieved samples reveals complex code that utilizes several components. At first glance, the executable appears to be benign but further inspection reveals cleverly concealed malicious functionality.

The complexity of the code within this threat is at par with that seen in Stuxnet and Duqu, arguably the two most complex pieces of malware we have analyzed to date. As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1016,
   editor = {Symantec},
   author = {},
   title = {Flamer: highly sophisticated and discreet threat targets the Middle East},
   date = {30},
   month = May,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east}},