‘Flame’ Has Been Lit in Cyberspace – What Consumers Should Know

By Gary Davis on Jun 03, 2012

This week, a complex new piece of malware, known as Flame or Skywiper, was uncovered and has reportedly affected Iran’s energy sector. Currently, this form of cyber warfare appears to target only select businesses and governments. In case cyber criminals change its focus, the McAfee Labs team is actively monitoring for any threats to consumers.

The Target (as of June 3):

Businesses and governments in the U.S. and the Middle East.

The Dangers:

The cyber criminals are using command servers to control this form of malware. It is capable of, but not limited to, the following key espionage functions:

– Scanning network resources
– Stealing information as specified
– Communicating to control servers over SSH and HTTPS protocols
– Detecting the presence of over 100 security products (AV, antispyware, FW, etc)
– Using both kernel- and user-mode logic
– Employing complex internal functionality using Windows APC calls, thread-start manipulation, and code injection into key processes
– Loading as part of Winlogon.exe and then injecting itself into Internet Explorer and services
– Concealing its presence as ~-named temp files, just like Stuxnet and Duqu
– Attacking new systems over USB flash memory and the local network (spreading slowly)
– Creating screen captures
– Recording voice conversations
– Running on Windows XP, Windows Vista, and Windows 7 systems
– Containing known exploits, such as the print spooler and lnk exploits found in Stuxnet
– Using SQLite database to store collected information
– Using a custom database for attack modules (this is very unusual, but shows the modularity and extendability of the malware)
– Often located on nearby systems: a local network for both control and target infection cases
– Using PE-encrypted resources

Tips to Avoid Being a Victim:

  • For businesses, governments and consumers, McAfee antivirus products will detect and clean the threat as W32/Skywiper from infected systems.
  • Consumers should be aware that most malware infections start the same way as Flame/Skywiper: someone clicks on something they shouldn’t have. It is important for them to exercise caution and common sense before they click.
  • Even though this attack is not targeted at consumers, it’s an important reminder to practice good habits and stay on guard. As with other malware infections, McAfee has software that can help protect them if they make a mistake.


About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...
