According to LC researchers, in addition to Flame there is another piece of malware that can delete files on infected computers.
Kaspersky Lab is continuing to investigate the mass attack on the computers of Iranian companies, during which a previously unknown worm, Worm.Win32.Flame, was discovered.
In the words of Alexander Gostev, the Flame worm is “perhaps the most sophisticated cyber weapon created for cyberwar.”
Recall that Flame was discovered during an investigation at the request of BOS International Telecommunication Union (ITU). The ITU asked for help in identifying an unknown virus that deletes important information from the computers of different enterprises in the Middle East. The ITU, in turn, had been approached by the Iranian authorities, who said that at the end of last month important information had vanished from the database of an oil company.
LC staff found a malware sample called Worm.Win32.Flame. “Flame is a very clever set of tools for carrying out attacks. It is a backdoor Trojan that also has features typical of worms, allowing it to spread across the local network and removable drives on receipt of orders from its master,” said the BOS.
Once on the victim’s computer, Flame performs a series of complex operations, including analyzing network traffic, taking screenshots, recording conversations, and capturing the victim’s keystrokes.
According to Gostev, Flame is a large package consisting of several software modules, including compression functions and the sqlite3 library, which lets the program manipulate databases. Fully deployed, the malware is almost 20 MB in size.
Experts note that Flame is very different from other backdoor Trojans. First, Flame uses Lua, a language not typical for Trojans, and it provides a mechanism for recording conversations through the victim’s built-in microphone. In addition, the malware can use Bluetooth to transfer data from the infected computer. However, in their opinion, Flame is not the only virus that attacked several Middle Eastern countries, among which Iran, Israel, Syria and Sudan saw the largest number of attacks. During the investigation, the experts found that Flame cannot delete data from the victim’s computer on its own. This proves that, in addition to Flame, there is another virus.
Yesterday at the online Positive Hack Days, organized by Positive Technologies, Alexander Gostev gave a talk titled “The Mystery of Duqu”, in which he recounted the discovery of the Worm.Win32.Flame worm.