|
Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system.〔 The program is being used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National, Computer Emergency Response Team (CERT),〔 Kaspersky Lab〔 and CrySyS Lab of the Budapest University of Technology and Economics.〔 The last of these stated in its report that Flame "is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."〔 Flame can spread to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic.〔 The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.〔 This data, along with locally stored documents, is sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.〔 According to estimates by Kaspersky in May 2012, Flame had initially infected approximately 1,000 machines,〔 with victims including governmental organizations, educational institutions and private individuals.〔 At that time 65% of the infections happened in Iran, Israel, the Palestinian Territories, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt,〔〔 with a "huge majority of targets" within Iran.〔 Flame has also been reported in Europe and North America. Flame supports a "kill" command which wipes all traces of the malware from the computer. The initial infections of Flame stopped operating after its public exposure, and the "kill" command was sent.〔 == History == Flame (a.k.a. Da Flame) was identified in May 2012 by MAHER Center of Iranian National CERT, Kaspersky Lab and CrySyS Lab (Laboratory of Cryptography and System Security) of the Budapest University of Technology and Economics when Kaspersky Lab was asked by the United Nations International Telecommunication Union to investigate reports of a virus affecting Iranian Oil Ministry computers. As Kaspersky Lab investigated, they discovered an MD5 hash and filename that appeared only on customer machines from Middle Eastern nations. After discovering more pieces, researchers dubbed the program "Flame" after one of the main modules inside the toolkit According to Kaspersky, Flame had been operating in the wild since at least February 2010.〔 CrySyS Lab reported that the file name of the main component was observed as early as December 2007.〔 However, its creation date could not be determined directly, as the creation dates for the malware's modules are falsely set to dates as early as 1994.〔 Computer experts consider it the cause of an attack in April 2012 that caused Iranian officials to disconnect their oil terminals from the Internet. At the time the Iranian Students News Agency referred to the malware that caused the attack as "Wiper", a name given to it by the malware's creator. However, Kaspersky Lab believes that Flame may be "a separate infection entirely" from the Wiper malware.〔 Due to the size and complexity of the program—described as "twenty times" more complicated than Stuxnet—the Lab stated that a full analysis could require as long as ten years.〔 On 28 May, Iran's CERT announced that it had developed a detection program and a removal tool for Flame, and had been distributing these to "select organizations" for several weeks.〔 After Flame's exposure in news media, Symantec reported on 8 June that some Flame command and control (C&C) computers had sent a "suicide" command to infected PCs to remove all traces of Flame. According to estimates by Kaspersky in May 2012, initially Flame had infected approximately 1,000 machines,〔 with victims including governmental organizations, educational institutions and private individuals.〔 At that time the countries most affected were Iran, Israel, the Palestinian Territories, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.〔〔 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Flame (malware)」の詳細全文を読む スポンサード リンク
|