DecryptedTech

Saturday, 01 October 2022

Displaying items by tag: Flame

It appears that the earlier claims from FireEye about a link between Gauss and Flame were a little premature. According to their blog they had found what appeared to be a shared command and control server. This was a significant find as it linked the two serious pieces of malicious code together and would have made Gauss another in the growing list of suspected State-Sponsored cyber-attacks. Unfortunately for FireEye, what they thought was a command and control (CNC) server turned out to be a sinkhole run by Kaspersky Labs.

Published in News

Another day, another bit of malware hits the internet. This time the malware is a very nasty bit of code and one that you should be very concerned about. The new malware, named Shamoon, was first reported on Thursday and has the nasty capability to grab user information before attempting to render the system unusable. Both Symantec and Kaspersky have independently reported on the malware, and from their reports they seem to feel it is definitely worth keeping an eye on.

Published in News

There are two things about leaks that always concern me; the content of the leak, who it was leaked to, and … (Ok three things I look at when dealing with leaks) the timing. Now when the leak hit concerning Stuxnet and Duqu we took a look at the information and compared it with some information we were able to dig up including the timing of the attack and a few other factors. The leak seemed to fit the facts. At the time of the leak there was no mention of Flame, any program to gather intelligence, or even hints that there might be more out there.

Published in Editorials

It would appear that the developers of Stuxnet/Duqu and Flame shared at least some source code during development. At least that is what security research firm Kaspersky seems to think. Kaspersky was the company that found the massive bit of malware that was using a compromised Microsoft Terminal Server licensing model to sign certificates for their code. Flame appears to have been a very coordinated espionage attack on Iran and has been in the news thanks to the complexity and functionality that it has.

Published in News

We told you about the new malware threat in Iran (and some other Middle Eastern countries). This is a new and very sophisticated bit of spyware that appears designed to gather intelligence about the state of Iran’s nuclear program. Kaspersky discovered the worm after being asked to check some systems that appeared to be acting strangely. This investigation led to the discovery of Flame and the identification of some 20 plug-ins for the malware that can do everything from capturing screens to turning on a system’s microphone to record anything around the system. It is also able to record VoIP communication through applications like Skype.

Published in News

An interesting report has popped up about a rather large attack on a group of Middle Eastern countries. The attack (called Flame) appears to be a targeted attack against Iran, Israel, Palestine, Sudan, Syria, Lebanon, Saudi Arabia and Egypt, with the most affected being Iran, Palestine, and Israel. The attack was reported by Kaspersky Labs and looks to be intended to collect all kinds of information (not just data on computers). Kaspersky believes that Flame has been operating for at least two years in this region.

Published in News