U.N. Alert Issued for 'Flame' Cyber-Spying MalwareBy CIOinsight | Posted 05-30-2012
The United Nations' International Telecommunication Union is warning member nations to be on guard for the newly identified Flame malware, according to a report.
Also known as Skywiper and Flamer, the malware has been discovered on systems in the Middle East, and has hit Iran the hardest. The discovery prompted Iran's National Computer Emergency Response Team to issue an alert stating the malware was tied to multiple incidents of "mass data loss" in the country's computer networks.
Thought to be a tool for cyber-espionage, security researchers say the malware has been traced back to at least 2010, with experts at the Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics stating it may have been operational for five years or more.
According to Kaspersky Lab, Flame is a backdoor Trojan with worm-like features that allow it to propagate itself on local networks and removable media. When a system is infected, the malware is capable of a number of operations, including taking screenshots, recording audio conversations and intercepting network traffic.
When all of its modules are installed, the malware takes up 20 MB in data storage. To perform a quick manual check for Flame, users can search for the file DEB93D.tmp. If it is present, the computer either is or has been infected with flame, Gostev blogged today. Also, users can check the registry key HKLM_SYSTEM CurrentControlSet Control Lsa Authentication Packages. If mssecmgr.ocx or authpack.ocx is present, this is another indication the computer is infected.
To read the original eWeek article, click here: U.N. Warns Member Countries of 'Flame' Cyber-Spying Malware