Iran-targeting Flame malware used huge network to steal blueprints


News
06-04-12, 05:20 PM
Image: http://cdn.arstechnica.net/wp-content/uploads/2012/06/flame-network.png (credit: Kaspersky Lab, https://www.securelist.com/en/blog/208193540/The_Roof_Is_on_Fire_Tackling_Flames_C_C_Servers)


Attackers behind the Flame espionage malware that targeted computers in Iran used more than 80 different domain names to siphon computer-generated designs, PDF files, and e-mail from their victims, according to a new analysis from researchers who helped discover the threat.

The unknown authors of Flame shut down the sprawling command-and-control (C&C) infrastructure immediately after last Monday's disclosure (http://arstechnica.com/security/2012/05/spy-malware-infecting-iranian-networks-is-engineering-marvel-to-behold/) that the highly sophisticated malware had remained undetected for at least two years on computers belonging to government-run organizations, private companies, and others. The 80 separate domain names were registered using a huge roster of fake identities, and some of the addresses were secured more than four years ago.

"The Flame C&C domains were registered with an impressive list of fake identities and with a variety of registrars, going back as far as 2008," Kaspersky Lab expert Alexander Gostev wrote in a blog post (https://www.securelist.com/en/blog?weblogid=208193540) published Monday. "In general, each fake identity registered only 2-3 domains, but there are some rare cases when a fake identity registered up to 4 domains."

Read more (http://arstechnica.com/security/2012/06/flame-espionage-malware-used-huge-network-to-steal-blueprints/) | Comments (http://arstechnica.com/security/2012/06/flame-espionage-malware-used-huge-network-to-steal-blueprints/?comments=1#comments-bar)


