Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,155,048 members, 7,825,341 topics. Date: Sunday, 12 May 2024 at 12:00 PM

Cyberwarfare: Flame Deployed Across Computers In The Middle East - Computers - Nairaland

Nairaland Forum / Science/Technology / Computers / Cyberwarfare: Flame Deployed Across Computers In The Middle East (754 Views)

Top 5 Fastest Computers In The World / Nigerians In Diaspora To Produce Computers In Local Languages / How many Computers in Nigeria? (2) (3) (4)

(1) (Reply)

Cyberwarfare: Flame Deployed Across Computers In The Middle East by Nobody: 11:28pm On May 29, 2012
The Flame: Questions and Answers
What exactly is Flame? A worm? A backdoor? What does it do?

Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.

The initial point of entry of Flame is unknown - we suspect it is deployed through targeted attacks; however, we haven’t seen the original vector of how it spreads. We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.

Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.

Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated.

How sophisticated is Flame?

First of all, Flame is a huge package of modules comprising almost 20 MB in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine.

Lua is a scripting (programming) language, which can very easily be extended and interfaced with C code. Many parts of Flame have high order logic written in Lua - with effective attack subroutines and libraries compiled from C++.

The effective Lua code part is rather small compared to the overall code. Our estimation of development ‘cost’ in Lua is over 3000 lines of code, which for an average developer should take about a month to create and debug



Why are they doing it?

To systematically collect information on the operations of certain nation states in the Middle East, including Iran, Lebanon, Syria, Israel and so on. Here’s a map of the top 7 affected countries:


Read more

(1) (Reply)

Have You Noticed Facebook's Gimmick To Get Us To Use Its E-mail Service? / How To Speed Up A Slow Computer / How To Browse With Samsung Galaxy Gt-n8000 10.1

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 9
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.