flame

Crippling Stuxnet virus infected Chevron's network too

Stuxnet, the sophisticated computer virus that attacked a nuclear enrichment facility in Iran two years ago, also inadvertently infected Chevron's network.

Reportedly created by the U.S. and Israel, the highly destructive worm was designed to infect Iran's Natanz nuclear facility. Rather than steal data, Stuxnet left a back door meant to be accessed remotely to allow outsiders to stealthily knock the facility offline and at least temporarily cripple Iran's nuclear program.

The oil giant discovered the malware in July 2010 after the virus escaped from its intended target, Mark Koelmel, Chevron's general manager of the … Read more

Newly IDed 'MiniFlame' malware targets individuals for attack

A new form of state-sponsored malware is making the rounds, this one apparently designed specifically to spy on its victims.

Dubbed "MiniFlame" by Kapersky Lab, but also known as SPE, the new malware variant is similar to the Flame virus that targeted computers in the Middle East this past summer. But MiniFlame is a cyber espionage program that can take over where Flame leaves off.

As described by Kaspersky:

First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information. After data is collected and reviewed, a potentially interesting victim … Read more

Kaspersky reports 3 more Flame-related malware variants

Kaspersky Lab has published an update in its investigation of the Flame cyber-espionage campaign, which the security experts discovered in May.

The research, which Kaspersky conducted in partnership with IMPACT, CERT-Bund/BSI and Symantec, identified traces of three previously undiscovered malicious programs.

Specifically, Symantec has highlighted forensic analysis of two of the command-and-control (C&C) servers behind the W32.Flamer attacks that targeted the Middle East earlier this year.

Here's what the group found after analyzing the C&C servers:

The two servers were set up on March 25, 2012, and May 18, 2012.The servers … Read more

A who's who of Mideast-targeted malware

What's up with all the malware aimed at the Middle East?

For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquified natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known … Read more

New Gauss and Flame link was a mistake, researchers say

Editor's note: This story and its headline have been updated and corrected to reflect new information provided by the researchers that completely changed their conclusions.

Researchers today said that hackers behind the Gauss cyber-espionage malware targeting banks in the Middle East were directing infected computers to connect to a command-and-control server used by the Flame spyware. However, later in the day they said they were mistaken and that other researchers had control of the server instead.

"In our post earlier today, we concluded that there was some sort of relationship between the Gauss and Flame malware actors based … Read more

Mahdi malware creators add new features

Researchers said today that they have noticed some new features and changes to the data-stealing malware Mahdi and have uncovered a reference to "Flame," which could potentially indicate some connection to the malware of the same name that also has numerous infections in Iran.

"Last night, we received a new version of the #Madi malware. Following the shutdown of the Madi command and control domains last week, we thought the operation is now dead. Looks like we were wrong, Nicolas Brulez of Kaspersky Labs wrote in a post on its SecureList blog.

The new version, compiled just … Read more

Lock down USB drives in Windows with USB Disk Manager

USB drives are convenient for storage and for transferring data to other computers. This convenience also makes them a great delivery system for malware. If you're comfortable with the Windows Registry or know how to set Group Policies, you can lock down your PC's USB drives. A much simpler way is by using USB Disk Manager.

USB Disk Manager is a small Windows program that can help you manage the permissions of USB drives. The portable app doesn't need to be installed and can be run from a folder on your hard drive or from a USB … Read more

Flame can sabotage computers by deleting files, says Symantec

The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.

Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.

But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.

Such power means that the virus can disrupt critical software and "completely disable operating systems," Reuters reported based on Thakur's findings.… Read more

U.S., Israel fired up Flame cyberattack, report says

The U.S. and Israel developed and carried out the Flame virus attacks on Iran, according to a new report.

The Washington Post reports, citing sources, that Flame was the brainchild of the U.S. National Security Agency, the Central Intelligence Agency, and Israel's military. The focus of the malware was to surreptitiously map and monitor Iran's networks to deliver sustained intelligence to the government organizations. That information could then be used for other attacks.

"This is about preparing the battlefield for another type of covert action," an intelligence official told the Washington Post. "Cyber-collection … Read more