W32.Flamer malware threatens Middle Eastern data security

Tuesday, 29 May, 2012

Symantec is analysing a malware threat that it has labelled W32.Flamer, which the company says has been operating under the radar for at least two years, stealing documents and other user data, primarily from machines in the Middle East.

According to the security vendor, W32.Flamer is on par with well-known threats Stuxnet and Duqu.

Symantec said that like those threats, “this code was not written by a single individual but by an organised well-funded group of personnel with directives. The code includes multiple references to the string ‘FLAME’ which may be indicative of either instances of attacks by various parts of the code, or the malware’s development project name.”

According to the vendor, W32.Flamer has been operating discreetly for at least two years and has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products and, under certain conditions, spread to other systems.

Symantec also suggested that W32.Flamer may have the ability to use multiple known and patched vulnerabilities in Microsoft Windows in order to spread across a network.

“Initial telemetry indicates that the targets of this threat are located primarily in the Palestinian West Bank, Hungary, Iran and Lebanon. Other targets include Russia, Austria, Hong Kong and the United Arab Emirates,” a statement form Symantec read.

“The industry sectors or affiliations of individuals targeted are currently unclear. However, initial evidence shows the victims may not all be targeted for the same reason. Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home internet connections.”

Symantec’s analysis is ongoing and the company will release more information “soon”. In the meantime, the company has collated some information on the threat on its Security Response blog.

Related News

Absolute Security buys UEM experts Syxsense

Absolute Security has acquired endpoint and vulnerability management company Syxsense to enable...

Tenable upgrades Nessus risk assessment platform

Tenable has introduced new capabilities to its Nessus vulnerability assessment platform aimed at...

Rubrik teams with Cisco to enhance data security

Rubrik has arranged to have all its products made available through the Cisco SolutionsPlus...

Content from other channels on our network

Comms Connect plenary preview: the future of PSMB in Australia

A Vision-Driven and Customer-Focused Future in Critical Communications

2D metamaterial breakthrough could improve satellite comms

Connectivity boost for WA, but remote Australians still left behind

ARCIA update: AGM highlights

Telstra to discuss TasGRN at Comms Connect Melbourne

Singtel and Hitachi aim for sustainable data centres

Full colour lighting for a major stadium

Most Australians clueless about rise of renewables

Comms Connect coming to Melbourne

Making sensors more sustainable with a greener power source

New discovery aims to improve the design of microelectronic devices

New understanding of the limits on nano-noise

The next leap in semiconductors

Electronex Sydney a major success

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd