Skip to main content

'Flame' Cyber-Weapon Lurked for Years

posted onJune 4, 2012
by l33tdawg

The Flame "super-malware" must have been infecting computers for as long as four years and was less invisible to antivirus software than assumed, an analysis by security company AlienVault has concluded.

On the face of its AlienVault's analysis is just another forensic guess after peering at the important mssecmgr.ocx Win32 PE (portable executable) file, which 'exports' a clutch of progamming functions. As pulled apart by the Hungarian CrySys Lab, this contains debug entries suggesting a 2011 creation date.

However, an older version of the same file references a smaller number of functions and comes with a compilation date in 2008, which suggests a longer development timeline for the software. Compellingly, running the MD5 file hashes (think of them as file fingerprints) through the VirusTotal website, which runs suspect files against 40 antivirus products and records the signature of each file as it is doing so, elements of Flame turn out to have popped up on the system in the past.

Source

Tags

Flame Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th