W32.Flamer malware threatens Middle Eastern data security

Tuesday, 29 May, 2012

Symantec is analysing a malware threat that it has labelled W32.Flamer, which the company says has been operating under the radar for at least two years, stealing documents and other user data, primarily from machines in the Middle East.

According to the security vendor, W32.Flamer is on par with well-known threats Stuxnet and Duqu.

Symantec said that like those threats, “this code was not written by a single individual but by an organised well-funded group of personnel with directives. The code includes multiple references to the string ‘FLAME’ which may be indicative of either instances of attacks by various parts of the code, or the malware’s development project name.”

According to the vendor, W32.Flamer has been operating discreetly for at least two years and has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products and, under certain conditions, spread to other systems.

Symantec also suggested that W32.Flamer may have the ability to use multiple known and patched vulnerabilities in Microsoft Windows in order to spread across a network.

“Initial telemetry indicates that the targets of this threat are located primarily in the Palestinian West Bank, Hungary, Iran and Lebanon. Other targets include Russia, Austria, Hong Kong and the United Arab Emirates,” a statement from Symantec read.

“The industry sectors or affiliations of individuals targeted are currently unclear. However, initial evidence shows the victims may not all be targeted for the same reason. Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home internet connections.”

Symantec’s analysis is ongoing and the company will release more information “soon”. In the meantime, the company has collated some information on the threat on its Security Response blog.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd