
Flame

Flame code linked to Stuxnet virus, experts say

posted on June 13, 2012
by l33tdawg

The Flame cyber-attack that targeted computers across the Middle East has been linked to the Stuxnet worm, which is believed to have been orchestrated by the US and Israel to attack Iranian nuclear centres.

Speaking at the Reuters Global Media and Technology Summit on 11 June, Eugene Kaspersky, chief executive of the Russian security firm that bears his name and which discovered the Flame virus in May, said his team of researchers have found that Flame shares an almost identical piece of code with a 2009 version of Stuxnet.

Flame crypto attack very hard to pull off, researcher says

posted on June 13, 2012
by l33tdawg

The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, says security researcher Alexander Sotirov.

In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.

Crypto breakthrough shows Flame was designed by world-class scientists

posted on June 8, 2012
by l33tdawg

The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said. 

"We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications."

F-Secure Explains Why It Missed Spotting Flame, Despite Having Seen It Two Years Ago

posted on June 6, 2012
by l33tdawg

With all the attention on the Flame malware, there's a great post over at Wired by F-Secure's Chief Research Officer, Mikko Hypponen, explaining why various security firms totally missed Flame (and Stuxnet and DuQu) for quite some time -- despite samples having been sent all the way back to 2010. What's refreshing (even as it's surprising) is to see someone so forthright about this being a failure on his part:

'Flame' Cyber-Weapon Lurked for Years

posted on June 4, 2012
by l33tdawg

The Flame "super-malware" must have been infecting computers for as long as four years and was less invisible to antivirus software than assumed, an analysis by security company AlienVault has concluded.

On the face of it, AlienVault's analysis is just another forensic guess after peering at the important mssecmgr.ocx Win32 PE (portable executable) file, which 'exports' a clutch of programming functions. As pulled apart by the Hungarian CrySyS Lab, this contains debug entries suggesting a 2011 creation date.