W32.Flamer malware threatens Middle Eastern data security

Tuesday, 29 May, 2012

Symantec is analysing a malware threat that it has labelled W32.Flamer, which the company says has been operating under the radar for at least two years, stealing documents and other user data, primarily from machines in the Middle East.

According to the security vendor, W32.Flamer is on par with well-known threats Stuxnet and Duqu.

Symantec said that like those threats, “this code was not written by a single individual but by an organised well-funded group of personnel with directives. The code includes multiple references to the string ‘FLAME’ which may be indicative of either instances of attacks by various parts of the code, or the malware’s development project name.”

According to the vendor, W32.Flamer has been operating discreetly for at least two years and has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products and, under certain conditions, spread to other systems.

Symantec also suggested that W32.Flamer may have the ability to use multiple known and patched vulnerabilities in Microsoft Windows in order to spread across a network.

“Initial telemetry indicates that the targets of this threat are located primarily in the Palestinian West Bank, Hungary, Iran and Lebanon. Other targets include Russia, Austria, Hong Kong and the United Arab Emirates,” a statement from Symantec read.

“The industry sectors or affiliations of individuals targeted are currently unclear. However, initial evidence shows the victims may not all be targeted for the same reason. Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home internet connections.”

Symantec’s analysis is ongoing and the company will release more information “soon”. In the meantime, the company has collated some information on the threat on its Security Response blog.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd