'Flame' Cyber-Weapon Lurked for Years
The Flame "super-malware" must have been infecting computers for as long as four years and was less invisible to antivirus software than assumed, an analysis by security company AlienVault has concluded.
On the face of it, AlienVault's analysis is just another forensic guess after peering at the important mssecmgr.ocx Win32 PE (portable executable) file, which 'exports' a clutch of programming functions. As pulled apart by the Hungarian CrySyS Lab, the file contains debug entries suggesting a 2011 creation date.
However, an older version of the same file references a smaller number of functions and comes with a compilation date in 2008, which suggests a longer development timeline for the software. Compellingly, when the MD5 file hashes (think of them as file fingerprints) are run through the VirusTotal website, which runs suspect files against 40 antivirus products and records the signature of each file as it does so, elements of Flame turn out to have popped up on the system in the past.
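The version comparison described above rests on two fields of the PE format: the linker timestamp in the COFF header and the function count in the export directory. As an added example (not AlienVault's or CrySyS Lab's tooling), the Python below reads both from two constructed stand-in images; the helper names, the January 1 dates and the export counts are made-up sample values, not Flame's.

```python
import struct
from datetime import datetime, timezone

def rva_to_offset(data, sect_off, n_sect, rva):
    """Translate an RVA to a file offset via the section table (40-byte entries)."""
    for i in range(n_sect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, sect_off + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rptr + (rva - vaddr)
    raise ValueError("export directory RVA is outside every section")

def pe_summary(data):
    """Return (linker timestamp as UTC datetime, number of exported functions)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, n_sect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # PE32 / PE32+
    export_rva = struct.unpack_from("<I", data, dirs)[0]     # data directory 0
    n_exports = 0
    if export_rva:
        off = rva_to_offset(data, opt + opt_size, n_sect, export_rva)
        n_exports = struct.unpack_from("<I", data, off + 20)[0]  # NumberOfFunctions
    # The timestamp is written by the linker and can be altered afterwards,
    # so treat it as one piece of evidence rather than proof of age.
    return datetime.fromtimestamp(stamp, timezone.utc), n_exports

def build_sample(year, n_exports):
    """Constructed minimal PE32 DLL image (not a real sample): headers + export dir."""
    stamp = int(datetime(year, 1, 1, tzinfo=timezone.utc).timestamp())
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<II", opt, 96, 0x1000, 40)            # export dir RVA, size
    sect = b".edata\0\0" + struct.pack("<8I", 40, 0x1000, 0x200, 0x200, 0, 0, 0, 0)
    exports = bytearray(0x200)
    struct.pack_into("<I", exports, 20, n_exports)
    return (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0") + bytes(exports)

if __name__ == "__main__":
    for label, image in (("older", build_sample(2008, 3)), ("newer", build_sample(2011, 9))):
        when, count = pe_summary(image)
        print(f"{label}: compiled {when:%Y-%m-%d} UTC, {count} exported functions")
```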