Bride of Stuxnet

[SrWoodchuck]

http://www.weeklystandard.com/:

 

Bride of Stuxnet

Webcraft as spycraft.

Jun 11, 2012, Vol. 17, No. 37 • By JONATHAN V. LAST

 

No one is sure how long Flame has been operational. There is evidence of its existence in the wild dating to March 2010, but Flame may be older than that.

Neither are analysts certain exactly how Flame spreads. It has the ability to move from one computer to another by piggybacking onto a USB flash drive (just like Stuxnet). Alternately, it can migrate across a local network by exploiting a shared printer (again, like Stuxnet). But Flame is also able to spread across a network without a printer if it finds itself on a computer that has administrative privileges. When that happens, the worm is smart enough to create backdoor accounts for all the other computers on the network and copy itself into those machines.

As for the question of security​—​how does Flame talk its way past the computer’s antivirus protections? No one knows. The techs at Kaspersky Lab watched Flame attack a PC running the fully updated Windows 7 security suite. The worm took over the computer effortlessly. This suggests that the worm’s designers have access to one or more vulnerabilities in the operating system that even the people who designed the OS don’t know about.

Flame, on the other hand, is a study in stealth and patience. Unlike Stuxnet, with its single-minded search for a specific computer system, Flame seems to have wandered in many directions: onto computers used by governments, universities, and private companies. It moved slowly, and the overall number of infected systems seems to be quite low. Current estimates put it at 1,000 computers, nearly all of them located in Iran, the Palestinian territories, Sudan, Syria, and Lebanon. Flame kept the number of infections low because it never moved from one computer to another without explicit instructions from its C&C.

..........once Flame was running, it was like something out of science fiction. Flame could watch a target even when he was completely alone. It could listen to every word he said on the telephone, or through Skype, or to a colleague walking past his desk. It could rifle through his computer files and find any document. Or peek into a cell phone sitting in someone’s pocket in the next room. It never had to worry about getting caught in the act. And on a moment’s notice, it could erase any sign that it was ever there. It kept up constant communication with its handlers, even when they were thousands of miles away, and it always followed orders.

-------------------------------------------------------------------------------------------------------------------------

 

H/T: TheFeralIrishman/WeaselZippers & TheWeeklyStandard

[raygun]

Comodo Internet Security will kick that crap in the nuts.

[SrWoodchuck]

H/T:BonedJello