“We can assume that this program was part of the same operation as the Flame and Gauss, and that the operation was carried out in several waves,” Kaspersky told.

In the first wave as many computers as possible was infected. They were used to collect information to attack important targets.

Source: http://www.tietoviikko.fi/kaikki_uutiset/tietoturvayritys+loysi+vakoiluohjelma+flamen+pikkuveljen/a847541?s=r&wtm=tietoviikko/-16102012&

SECURITY OUTFIT Kaspersky Lab has discovered three Flame spyware related malware threats that it said use “sophisticated encryption methods”.

“Sophisticated encryption methods were utilised so that no one, but the attackers, could obtain the data uploaded from infected machines,” the firm’s statement read.

Following the discovery of the three new related programs, Kaspersky’s chief malware expert Vitaly Kamluk told The INQUIRER that Flame is not the only one in this big family.

“There are others and they aren’t just other known malwares such as Stuxnet, Gauss or Duqu,” he said. “They stay in the shadows and no one has published anything about them yet. Others were probably used for different campaigns.”

Kamluk added that it is “very possible” there are more than the three listed in Kaspersky’s report.

Forensic analysis of two command-and-control servers behind the Flame espionage worm has revealed that the infamous malware has been around for longer than suspected

Flame was built by a group of at least four developers as early at December 2006, according to freshly published joint research by Symantec, Kaspersky Lab and the United Nations’ International Telecommunication Union.

Over the last six years, the team behind Flame used the command servers to communicate with the malware on the compromised machines and order them to launch attacks

C&C servers were disguised to look like a common content management system

“They [the command servers] are all dead,”

There’s no evidence to suggest that Flame’s command servers were used to control other known cyber-weapons – such as Stuxnet or Gauss – but they were used to operate a mystery malware strain, codenamed “SPE” by its authors.

Unnamed US officials told the Washington Post that Flame was created as part of the same covert programme that spawned cyber-weapon weapon Stuxnet, codenamed Olympic Games. Flame was described as a reconnaissance tool that was used to map networks associated with Iran’s controversial nuclear enrichment programme. This information was used by Stuxnet to target its nuke centrifuge cyber-sabotage mission.

Computer security biz FireEye has withdrawn claims that the Gauss and Flame super-viruses may be linked.

This is after it emerged that what FireEye had thought was a shared command-and-control server, used to send instructions to PCs compromised by the malware, was actually a “sinkhole” maintained by rival researchers at Kaspersky Lab.

FireEye had noticed communications from both virus strains were heading to the same IP address – but this was a system set up by the Russian lab, which had asked DNS providers to redirect data sent from the two software nasties so as to examine their network traffic.

“In light of new information shared by the security community, we now know that our original conclusions were incorrect and we cannot associate these two malware families based solely upon these common CnC coordinates,” FireEye researchers conceded in an updated blog post.

Hayden was director of the CIA from April 2005 to May 2006. Before that, he was the head of NSA since 1999.

Source: http://www.itviikko.fi/uutiset/2012/03/05/entinen-cia-johtaja-tykkaa-stuxnetista/201224554/7

The United States and Israel are responsible for developing the sophisticated espionage rootkit known as Flame, according to anonymous Western sources quoted in a news report.

The malware was designed to provide intelligence about Iran’s computer networks and spy on Iranian officials through their computers as part of an ongoing cyberwarfare campaign, according to the Washington Post.

The program was a joint effort of the National Security Agency, the CIA and Israel’s military, which also produced the Stuxnet worm that is believed to have sabotaged centrifuges used for Iran’s uranium enrichment program in 2009 and 2010.

“This is about preparing the battlefield for another type of covert action,” a former high-ranking US intelligence official told the Post. “Cyber collection against the Iranian program is way further down the road than this.”

Kaspersky disclosed last week that Flame in fact contained some of the same code as Stuxnet, directly tying the two pieces of malware together.

According to the Post Flame was designed to infiltrate highly secure networks in order to siphon intelligence from them, including information that would help the attackers map a target network. Flame, as previously reported, can activate a computer’s internal microphone to record conversations conducted via Skype or in the vicinity of the computer. It also contains modules that log keyboard strokes, take screen shots of what’s occurring on a machine, extract geolocation data from images and turn an infected computer into a Bluetooth beacon to siphon information from Bluetooth-enabled phones that are near the computer.

Flame exploited a vulnerability in Microsoft’s terminal service system to allow the attackers to obtain a fraudulent Microsoft digital certificate to sign their code, so that it could masquerade as legitimate Microsoft code and be installed on a target machine via the Microsoft software update function.

Flame was developed at least five years ago as part of a classified program code-named Olympic Games, the same program that produced Stuxnet.

“It is far more difficult to penetrate a network, learn about it, reside on it forever and extract information from it without being detected than it is to go in and stomp around inside the network causing damage,” said Michael V. Hayden, a former NSA director and CIA director who left office in 2009, told the Post.

It’s still unclear whether the malware used to attack computers in Iran’s oil ministry is the same malware now known as Flame.

As part of its monthly “Patch Tuesday” security updates for June, Microsoft announced changes in how Windows manages certificates. These changes include a new automatic updater tool for Windows 7 and Windows Vista that will flag stolen or known forged certificates. This shift will have a huge impact on companies and software vendors who use Microsoft’s implementation of public key infrastructure as part of their authentication and software distribution—especially if they haven’t followed best practices for certificates in the past.

The changes come on the heels of revelations about the recently discovered Flame malware, which used a rogue certificate authority that masqueraded as Microsoft in order to hijack the Windows Update mechanism.

On June 8, Microsoft made changes to its Update service to prevent such attacks in the future. The changes announced on June 11 go even further