W32.Flamer malware threatens Middle Eastern data security

Tuesday, 29 May, 2012

Symantec is analysing a malware threat that it has labelled W32.Flamer, which the company says has been operating under the radar for at least two years, stealing documents and other user data, primarily from machines in the Middle East.

According to the security vendor, W32.Flamer is on par with well-known threats Stuxnet and Duqu.

Symantec said that like those threats, “this code was not written by a single individual but by an organised well-funded group of personnel with directives. The code includes multiple references to the string ‘FLAME’ which may be indicative of either instances of attacks by various parts of the code, or the malware’s development project name.”

According to the vendor, W32.Flamer has been operating discreetly for at least two years and has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products and, under certain conditions, spread to other systems.

Symantec also suggested that W32.Flamer may have the ability to use multiple known and patched vulnerabilities in Microsoft Windows in order to spread across a network.

“Initial telemetry indicates that the targets of this threat are located primarily in the Palestinian West Bank, Hungary, Iran and Lebanon. Other targets include Russia, Austria, Hong Kong and the United Arab Emirates,” a statement form Symantec read.

“The industry sectors or affiliations of individuals targeted are currently unclear. However, initial evidence shows the victims may not all be targeted for the same reason. Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home internet connections.”

Symantec’s analysis is ongoing and the company will release more information “soon”. In the meantime, the company has collated some information on the threat on its Security Response blog.

Related News

Accurate Background launches Accel platform

Employee screening provider Accurate Background has unveiled a fully Australian-built and -hosted...

Absolute Security buys UEM experts Syxsense

Absolute Security has acquired endpoint and vulnerability management company Syxsense to enable...

Tenable upgrades Nessus risk assessment platform

Tenable has introduced new capabilities to its Nessus vulnerability assessment platform aimed at...

Content from other channels on our network

Batteries of the future charge ahead

Making sensors more sustainable with a greener power source

New understanding of the limits on nano-noise

New discovery aims to improve the design of microelectronic devices

The next leap in semiconductors

Simplifying admin for a family electrical business

Telstra to discuss TasGRN at Comms Connect Melbourne

Singtel and Hitachi aim for sustainable data centres

Full colour lighting for a major stadium

Most Australians clueless about rise of renewables

Government data breaches have increased this year: OAIC

Small IT initiatives delivering greater success for governments

Parliament launches inquiry into public sector AI use

Chinese state-sponsored cyber espionage ring expands activity: report

Cost of living crisis widening the digital divide for government services: report

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd