Flame, also known as Flamer and Skywiper, is a modular malware discovered in 2012 that attacks computers with the Microsoft Windows operating system. Which was discovered by the Russian company Kaspersky Lab, and they reported that it was a tool that aims to obtain data from Iran, Lebanon, Syria, Sudan and other countries in the Middle East and North Africa.
According to early research and expert warnings, Flame is designed to spy on users of infected computers and steal data, including documents, recorded conversations and typing sequences. It also opens a back door on infected systems to allow attackers to modify the tool and add new functions.
Flame weighs 20 MB and contains multiple libraries, SQLite3 databases and various levels of encryption, as well as 20 plugins that can be swapped to provide different functionalities to attackers. It attracted attention that it includes an LUA virtual machine, an unusual programming language when it comes to malware. Something that in its time incredibly alarmed the experts in this area due to the complexity of this threat.
According to records, it appears to have started operating in March 2010, and remained off the radar of antivirus companies until it was discovered by Kaspersky when the UN Telecommunications Commission asked the company to review some reports from April, where it It indicated that computers from the Ministry of Petroleum and the National Petroleum Company of Iran had been infected with malware that was stealing and deleting information from the systems, thinking that it was another virus called Viper but in reality it was Flame.
Some of the risks that flame applies are:
▸Microphone of an infected computer
This means that this malware allowed to turn on the microphone of an infected computer to record conversations that occur around the computer, or through Skype.
▸Bluetooth
If a computer that had Bluetooth was infected with it, this malware could detect other computers in the vicinity and steal the names and numbers of the contacts
▸Theft through screenshots
This means that when the infected user was for example doing or viewing some important information, the attackers could take screenshots of the machine and send them to the attackers’ servers.
[…] also:Flame – A malware that alarmed everyone in its timeMalicious Scripts – A threat you should […]