ID: IRCNE2012061519
Date: 2012-06-12
According to “ITPro”, the Flame virus has reportedly been ordered to self-destruct. The malware was uncovered last month and was described as one of the most complex pieces of malicious software ever to be released.
The malware is capable of stealing data from targeted systems, including stored files, contact data and audio conversations. It operates by stealing data from infected machines, which is then passed on to a network of command-and-control servers located across the world.
However, rival anti-virus vendor Symantec claims these servers recently sent out an “updated command” to the computers that have already been compromised by Flame, ordering them to delete the malware.
In a blog post announcing the discovery, Symantec said the command would have prompted the servers to ship a file called browse32.ocx, which is effectively a Flame uninstaller. “It locates every file on disk, removes it, and subsequently overwrites the disk with random characters to prevent anyone from obtaining information about the infection,” said the blog post. “It tries to leave no traces of the infection behind.”
Symantec claims the file was created around three weeks before the news of Flame’s existence first broke and was still being sent out to compromised machines last week.
“The existence of this module is interesting in itself. Previously analyzed [Flame] code showed us a component named SUICIDE, which is functionally similar to browse32.ocx,” added Symantec.
“It is unknown why the malware authors decided not to use the SUICIDE functionality, and instead make Flame perform explicit actions based on a new module.”
Related Links:
Microsoft Emergency Update
Identification of a New Targeted Cyber-Attack