It’s a dawn of new era for malware and for makers of prevention engines also. The malware is termed Flame malware with technical name of Worm.Win32.Flame and it is something what security software companies has never seen before. It redefined the definition malware.
What is a malware ?
It is type of software program which causes unauthorized action in your computer to either steal data or cripple the system for performing certain task.
Goal of malware ?
In today’s world, economic purpose is the main goal of malware industry to steal data and use the data for financial gain for the maker.
The why is Flame malware so different ?
Flame is more than 20MB in size compare to most malware of few KB.
STUXNET was 500k and it took six months for Kaspersky LAB to analyse the code fully to understand the full operational process, where as the Flame is more than 20MB and its creators are still adding modules in it.
It’s more like a software,
- written using different programming language
- maintaining it’s own data base using SQL-Lite engine and library
- Having different modules to perform different tasks.
- Storing data using different compression format and method
- Installing modules from command server at controllers will
- Not infecting like a virus rather waiting for command server to guide on infection process and selection process.
- Steals data via using on board microphone recording, using host’s Bluetooth to force connect available devices in it’s range to steal data from those mobile devices. Takes screen shots when host is running specific software like IM client or certain other (still unknown) applications.
Usually the malware makers make the software to be viral where it just keeps on infecting where as incase of Flame, the so far Kaspersky and other security software agency can find only a handful of PC, less than a thousand in number which got infected.
The Flame worm waits for the controller to decide its infection process rather than giving it the free will to go on and infect.
Who made it and why it was made ?
No one knows for sure. Since it’s complexity and targeted audience is a key to understand the reason for which it was made, best guess points to west and to some western ally. Iran at many occasion pointed it’s finger towards Israel and USA.
Why fear it ?
Though till now this particular worm did no harm to common users, but just like security software makers, the major malware creators around the world is also busy at decoding the Flame malware to understand and learn from it to use those learning in future common malware.
Flame is so much sophisticated that it was unnoticed by every single security firm and software years of it’s activity and it uses such complex method that still today’s Anti Virus software would be useless to detect it left alone the prevention.
So once the methodology is decoded, expect similar type of malware targeting common users and with deadly effects !!
Kaspersky is leading the research into Flame Worm and keeping the online security world updated with regular blog posts with more and more details about the worm as they uncover it.