A highly complex, Stuxnet-like targeted attack is appearing across many Middle Eastern computers. It’s not only going after particular organizations but is also targeting personal computers that use home Internet connections.
The malware, which goes by the names Flamer or Skywiper, is very hard to track down, but has some pretty wide-ranging effects. Flamer has the ability to steal documents, take screenshots of users’ desktops, spread via USB flash drives, disable security vendor products, and, under certain conditions, spread to other systems.
Symantec, which has a great analysis of the malware’s complexity and its infiltration into particular organizations and the home, noted that parts of Flame appear linked to Stuxnet, which “caused several oil terminals in Iran to be disconnected from the Internet.”
Like Stuxnet, this is a virus that was developed by a team of people over a long time period and has lots of nasty internal methods that work together to produce an infection. One country where Flamer has been spotted is Hungary. There, virus researchers have developed their own in-depth analysis, which is worth reviewing to see the level of sophistication in this piece of malware.
- Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East [Symantec]
- sKyWiper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks [Budapest University]