FLAME Malware Heats Up The Threat Landscape
We were alerted to reports about the info stealing malware Flame, which has reportedly been seen in Iran and certain countries since 2010. Dubbed the most sophisticated malware, Flame is capable of performing several information stealing techniques, including capturing screen shots, and recording audio via the affected computer’s microphone. Because of its scope and specific targets, Flame has drawn comparison to other notorious threats such as Stuxnet. Stuxnet, malware that surfaced in 2010, targets SCADA systems.
Trend Micro detects Flame malware as WORM_FLAMER.A. In our on-going analysis, we’ve found that this worm spreads via removable drives. It is also capable of spreading to other computers in a local network when one machine within that network is infected. Other significant routines of this worm include its ability to terminate running processes that are mostly anti-malware/firewall/security-related, capturing screen shots and audio recording, propagation, and its ability to log and report its activities.
Trend Micro protects users from WORM_FLAMER.A by detecting and removing it from affected computers. The configuration files, TROJ_FLAMER.CFG, used by this worm are also detected and removed from systems. We will regularly update you in succeeding blog entries as we find more results in our investigation.
Update as of May 29, 2012, 8:54 PM PST
In addition to detecting WORM_FLAMER.A and its configuration files, Trend Micro also blocks access to all found related URLs as we move forward with our investigation.
Post from: TrendLabs | Malware Blog – by Trend Micro