W32.Flamer malware threatens Middle Eastern data security

Tuesday, 29 May, 2012

Symantec is analysing a malware threat that it has labelled W32.Flamer, which the company says has been operating under the radar for at least two years, stealing documents and other user data, primarily from machines in the Middle East.

According to the security vendor, W32.Flamer is on par with well-known threats Stuxnet and Duqu.

Symantec said that like those threats, “this code was not written by a single individual but by an organised well-funded group of personnel with directives. The code includes multiple references to the string ‘FLAME’ which may be indicative of either instances of attacks by various parts of the code, or the malware’s development project name.”

According to the vendor, W32.Flamer has been operating discreetly for at least two years and has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products and, under certain conditions, spread to other systems.

Symantec also suggested that W32.Flamer may have the ability to use multiple known and patched vulnerabilities in Microsoft Windows in order to spread across a network.

“Initial telemetry indicates that the targets of this threat are located primarily in the Palestinian West Bank, Hungary, Iran and Lebanon. Other targets include Russia, Austria, Hong Kong and the United Arab Emirates,” a statement from Symantec read.

“The industry sectors or affiliations of individuals targeted are currently unclear. However, initial evidence shows the victims may not all be targeted for the same reason. Many appear targeted for individual personal activities, rather than their company of employment. Interestingly, in addition to particular organisations being targeted, many of the attacked systems appear to be personal computers being used from home internet connections.”

Symantec’s analysis is ongoing and the company will release more information “soon”. In the meantime, the company has collated some information on the threat on its Security Response blog.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd