Monday, May 28, 2012

It slices and dices . . .

SLAP CHOP THIS AIN'T. It's a piece of malware called "Flame". And what a piece it is: compared to Stuxnet, the malware that sabotaged the controllers running Iranian uranium centrifuges and weighed in at a lean 500 KB, Flame is Godzilla-size, a whopping 20 MB. According to the WIRED article "Meet 'Flame', The Massive Spy Malware Infiltrating Iranian Computers", Flame is like a Cuisinart, with function modules for slicing and dicing.

Vince, baby, doin' his Slap Chop shtick.
A scary amount of creative thought went into building this nasty. Its size matters less than you'd think: over today's high-speed internet, intranet, LAN and Bluetooth links, a 20 MB download slips onto a targeted computer easily. And unlike just about every other piece of malware found to date, Flame is picky about which machines get a dose in their DOS, so to speak; it is aimed at specific targets rather than spread indiscriminately.

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.
The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network.


Good to know that's all they're looking for.
Mahmoud Ahmadinejad (aka I-Need-A-Dinner-Jacket) and the mullahs of Qom must be feeling a little transparent these days, but chances are they're starting to feel a little better: Iran's Computer Emergency Response Team just announced that it had developed a detector to uncover what it calls the "Flamer" malware on infected machines and delivered it to select organizations at the beginning of May. Problem is, Flame has probably been burning for over two years, and it's on only a few computers, they hope. Malware's like murder: the perfect ones you never know about.


Now, why the hell should you care? Well, suppose Vickie's people decided that Canada needed a "Maple Flame" for domestic consumption? Remember, while they may be rude and crude, Vickie and the gang brought us robo-calls and other digital folderol, they seem to have a knack for creating enemies lists, and Flame is used in exactly that targeted fashion. Forewarned is five-armed; even paranoids have enemies.

4 comments:

Purple library guy said...

Man, those Iranians need to start using Linux.

Steve said...

No one ever considers blowback.

http://thinkingaboot.blogspot.ca/2011/05/never-consider-blowback.html

DFH said...

Fascinating.

Steve said...

Looks like the idiot who ordered this has been revealed.
http://www.zerohedge.com/news/obama-ordered-code-stux#comment-2484426