Tags: SkyWiper

Adding Flame to the Fire

If you pay any attention to any InfoSec-related news sites, Twitter feeds, blogs or other sources, you’ve heard about a “new” piece of malware dubbed Flame or Flamer. News broke over the long weekend that a “highly sophisticated” tool for conducting cyber war (ugh…) had been discovered on several systems throughout the Middle East. This post isn’t an analysis of the Flame malware itself (for that, see CrySyS, Threatpost, and Kaspersky), but rather a brain dump of some of the other points that I thought of while reading the reports and analysis available thus far.

Initial reports of the malware in question claimed that Iran may have been losing data as a sophisticated virus erased and overwrote hard disks. According to Kaspersky, this malware was first dubbed wiper, but has since been confirmed to be the same as Flame. Further analysis by others suggests one of the available modules does in fact have this wiping capability. But what does that mean? Why start using the capability now? According to reports, this malware may have been hidden for up to 5 years. Surely, activating the wiping capability on even a moderate scale will eventually lead to discovery of the malware, as […]
