Iran-targeting Flame malware used huge network to steal blueprints
http://cdn.arstechnica.net/wp-conten...me-network.png Kaspersky Lab
Attackers behind the Flame espionage malware that targeted computers in Iran used more than 80 different domain names to siphon computer-generated designs, PDF files, and e-mail from its victims, according to a new analysis from researchers who helped discover the threat.
The unknown authors of Flame shut down the sprawling command-and-control (C&C) infrastructure immediately after last Monday's disclosure that the highly sophisticated malware had remained undetected for at least two years on computers belonging to government-run organizations, private companies, and others. The 80 separate domain names were registered using a huge roster of fake identities, and some of the addresses were secured more than four years ago.
"The Flame C&C domains were registered with an impressive list of fake identities and with a variety of registrars, going back as far as 2008," Kaspersky Lab expert Alexander Gostev wrote in a blog post published Monday. "In general, each fake identity registered only 2-3 domains, but there are some rare cases when a fake identity registered up to 4 domains."
Read more | Comments
http://feeds.feedburner.com/~ff/arst...jA:V_sGLiPBpWU http://feeds.feedburner.com/~ff/arst...jA:F7zBnMyn0Lo http://feeds.feedburner.com/~ff/arst...?d=qj6IDK7rITs http://feeds.feedburner.com/~ff/arst...?d=yIl2AUoC8zA
|All times are GMT -5. The time now is 01:20 PM.|
Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright ©1998 - 2014, nV News.