04.06.2012

Some more information about the Flame virus from yesterday

Rebecca Black Tech

A couple of copy-pasted segments from various articles.

>According to experts at internet security company Kaspersky who first detected the virus, Flame was most likely created by a state actor, and is capable of transferring files, screenshots, audio recordings and keystrokes from infected computers.

>Ilan Proimovich, Kaspersky’s representative in Israel, told Army Radio that the worm “does not operate independently, but is controlled by a remote computer, and thus only when it receives an order does it start working. For this reason, it is difficult to detect, because it is not always active.”

>Calling it a “masterpiece of programming,” he said it was sophisticated enough to change its characteristics and develop according to orders.

>Iran’s MAHER Center, which refers to the virus as “Flamer,” said that the attack “has caused substantial damage” and that “massive amounts of data have been compromised and lost.”

>Unlike the Stuxnet virus that was previously used to disrupt Iranian systems, Flame does not disrupt or terminate systems, Professor Yitzhak Ben Yisrael, the former head of the Administration for the Development of Weapons and the Technological Industry told an Israeli newspaper.
>“According to Ben Yisrael, while the source of the software is unknown, ‘its aim is clear – collecting intelligence.’ The professor added that the spyware acts like a worm, jumping from one computer to another, and that it is impossible to locate the destination of the data that was copied,” Yediot Ahronot said.

>The Russian-based internet security firm says a powerful computer virus with unprecedented data-snatching capabilities has attacked machines in Iran and elsewhere in the Middle East.

>> Anonymous Tue May 29 21:25:16 2012 No.25181976

>>OP

>Kaspersky said in a release posted on its website that “the complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date”.

>It said preliminary findings suggest the virus has been active since March 2010, but eluded detection because of its “extreme complexity” and the fact that only selected computers are being targeted. Flame’s primary purpose, it said, “appears to be cyber espionage, by stealing information from infected machines” and sending it to servers across the world.

>Iranian experts said that Flame was able to overcome 43 different anti-virus programs.

>It said the main task of Flame is cyber espionage, meaning it steals information from infected machines including documents, screenshots and even audio recordings. It then sends the data to servers all over the world.

>Flame is “actively being used as a cyberweapon attacking entities in several countries,” Kaspersky said in a statement late on Monday. Flame is “one of the most advanced and complete attack-toolkits ever discovered.”

>Comparing Flame to Stuxnet, Reuters reports experts finding the virus has 20 times more code. Compared to most computer viruses that steal financial information, Flame has 100 times more code. Kaspersky Labs found it exploits a vulnerability in Windows, like Stuxnet. BBC reports that this newly discovered virus is being called “one of the most complex threats ever discovered.” Here are a few more of the details being reported about the virus from Reuters:

>> Anonymous Tue May 29 21:26:46 2012 No.25181986

>>25181976

>Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.

>Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, [Kaspersky Lab senior researcher Roel] Schouwenberg said.

Also, this snippet of code from the virus was released by Kaspersky:

    -- Library code is not in this script: it is fetched as source text from the
    -- configuration store, compiled with loadstring and run immediately.
    assert(loadstring(config.get("LUA.LIBS.STD")))()
    if not _params.table_ext then
      assert(loadstring(config.get("LUA.LIBS.table_ext")))()
    end
    -- Include-once guard for the properties table
    if not __LIB_FLAME_PROPS_LOADED__ then
      __LIB_FLAME_PROPS_LOADED__ = true
      flame_props = {}
      -- Names of the configuration keys this module reads
      flame_props.FLAME_ID_CONFIG_KEY = "MANAGER.FLAME_ID"
      flame_props.FLAME_TIME_CONFIG_KEY = "TIMER.NUM_OF_SECS"
      flame_props.FLAME_LOG_PERCENTAGE = "LEAK.LOG_PERCENTAGE"
      flame_props.FLAME_VERSION_CONFIG_KEY = "MANAGER.FLAME_VERSION"
      flame_props.SUCCESSFUL_INTERNET_TIMES_CONFIG = "GATOR.INTERNET_CH"
      flame_props.INTERNET_CHECK_KEY = "CONNECTION_TIME"
      flame_props.BPS_CONFIG = "GATOR.LEAK.BANDWIDTH_CALCULATOR.BPS_QUE"
      flame_props.BPS_KEY = "BPS"
      flame_props.PROXY_SERVER_KEY = "GATOR.PROXY_DATA.PROXY_SERVER"
      -- Returns the configured ID, or nil if the key is not set
      flame_props.getFlameID = function()
        if config.haskey(flame_props.FLAME_ID_CONFIG_KEY) then
          -- local names as in the published listing
          local l_1_0 = config.get
          local l_1_1 = flame_props.FLAME_ID_CONFIG_KEY
          return l_1_0(l_1_1)
        end
        return nil
      end
    end
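To make the loader pattern in that listing concrete, here is an added, self-contained illustration of it. This is not Flame's code and not from Kaspersky: the `store` table, the two one-line "libraries", the `config`/`_params` stand-ins and the `props` table with its getters are all constructed here so the script runs under a stock Lua interpreter.

```lua
-- Added illustration of the config-backed loader shown above; not Flame's code.
-- Everything here is constructed: `store` stands in for the malware's
-- configuration store, and the two "libraries" are one-line stand-ins for
-- whatever LUA.LIBS.STD and LUA.LIBS.table_ext contain.
local loadstring = loadstring or load   -- Lua 5.1 has loadstring, 5.2+ only load

-- Constructed store: library *source code* and settings live side by side,
-- keyed by dotted names like the ones in the listing.
local store = {
  ["LUA.LIBS.STD"]          = "function std_hello() return 'std loaded' end",
  ["LUA.LIBS.table_ext"]    = "function table_count(t) local n = 0 for _ in pairs(t) do n = n + 1 end return n end",
  ["MANAGER.FLAME_ID"]      = "example-id-0001",
  ["MANAGER.FLAME_VERSION"] = "1.0-example",
  -- TIMER.NUM_OF_SECS is deliberately absent to exercise the nil path of the getter
}

config = {
  get    = function(key) return store[key] end,
  haskey = function(key) return store[key] ~= nil end,
}
_params = { table_ext = false }

-- Fetch a library's source from the store, compile it and run it.
-- assert() makes a missing or syntactically broken chunk abort here instead
-- of failing later with an undefined global.
local function load_lib(key)
  local src = config.get(key)
  assert(src, "no library stored under " .. key)
  assert(loadstring(src))()
end

load_lib("LUA.LIBS.STD")
if not _params.table_ext then
  load_lib("LUA.LIBS.table_ext")
end

-- Include-once guard and a key table with getters, same shape as flame_props.
if not __LIB_PROPS_LOADED__ then
  __LIB_PROPS_LOADED__ = true
  props = {}
  props.ID_CONFIG_KEY      = "MANAGER.FLAME_ID"
  props.VERSION_CONFIG_KEY = "MANAGER.FLAME_VERSION"
  props.TIME_CONFIG_KEY    = "TIMER.NUM_OF_SECS"

  -- Generic getter: returns nil when the key is absent, so callers must check.
  local function getter(key_field)
    return function()
      local key = props[key_field]
      if config.haskey(key) then
        return config.get(key)
      end
      return nil
    end
  end
  props.getId      = getter("ID_CONFIG_KEY")
  props.getVersion = getter("VERSION_CONFIG_KEY")
  props.getTime    = getter("TIME_CONFIG_KEY")
end

-- Libraries are plain chunks, so loading one again just redefines the same
-- globals; the guard above is what stops props from being rebuilt if this
-- file is included a second time.
load_lib("LUA.LIBS.STD")

print(std_hello())
print(table_count(store))
print(props.getId(), props.getVersion(), props.getTime())
```

Run it with any Lua 5.1 or later interpreter. The point for an analyst is the one the real listing makes as well: the library chunks never appear as Lua source in the script that loads them, they are whatever `config.get` returns, so reading them means dumping the configuration store rather than the script alone.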

http://en.wikipedia.org/wiki/Unit_8200

