Flame

Unkotare

Anyone else read about this one? It makes Stuxnet look like the equivalent of throwing a rock through someone's window in hopes of breaking their computer. Amazing stuff.
 
StuxNet was an offshoot of Flame.

Now when I said StuxNet was a US/Israeli confab I was called a "conspiracy theorist". Well now here's proof:
'Proof' Links Flame, Stuxnet Super Cyber Weapons: Researchers - Yahoo! News

But see, we need to give the President (And Obama asked for it) an "Internet Kill Switch" in case of internet attacks by viruses like StuxNet that was made by umm ahh... the US and Israel.

Wait, whut? :confused:
 
 
It is kinda brilliant. In the way that aerial drones are brilliant to accomplish assassinations.

This is an ARSON tool. Because real warfare is too risky anymore. We've reverted to Crips/Bloods tactics and inventing better "drive-by" tactics.
 
Has Flame morphed into Gauss?...
:eusa_eh:
Solving "Gauss"
August 16th, 2012 - Researchers at the same cybersecurity lab that announced the discovery of the Flame virus this past May believe they have discovered a related set of code that serves as a Trojan horse, and they're asking the wider cryptographic community to help them crack it.
The newly found code dubbed "Gauss" appears to be a cyber-espionage toolkit that has the ability to intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East. But researchers at Kaspersky Lab in Russia say things don't seem to be only as they appear. "We're talking about a complex package," says senior security researcher Kurt Baumgartner, who says the code appears to be created by a nation-state. "It's unique and different in a few ways; it maintains code and has similar functionality to Flame and Stuxnet." Flame and Stuxnet are computer viruses that have the ability to rewrite code. Stuxnet targeted Iran's nuclear program. It rewrote code that caused enrichment centrifuges to spin out of control, rendering them useless. The U.S. and Israel are widely believed to be behind the creation of the virus.

Baumgartner says researchers have had a harder time understanding what Gauss was actually created to do, or what its payload really is. A payload is a piece of code or technology that is being delivered within a software package. Baumgartner says the stealing of credentials and monitoring capability may be just a smokescreen for something more sinister. "It's very likely that it's meant to cover up or hide whatever that payload is," says Baumgartner, who adds that it's possible the code was designed to avoid detection until it reached its final target.

Kaspersky Lab posted an appeal on its company website for encryption experts to try to help crack the code. They say they've gotten a number of responses from "talented people." "There's all sorts of speculation we could make about what's really in the payload," says Baumgartner. "But for a blob of encrypted data to reside within a piece of code that's related to Stuxnet and that has spread to thousands or tens of thousands of machines in that region, it suggests that there is a more significant or more important payload."

So far, Kaspersky says most of the "Gauss" detections have been in Lebanon, with a smaller number reported in Israel. Researchers have no idea how the code spreads, but say that it has the ability to infect USB ports that, once infected, can spread to as many as 30 computers before the code self destructs. The toolkit earned its name because of references discovered within the code that pay tribute to mathematicians and philosophers. Johann Carl Friedrich Gauss was a German mathematician.

Solving "Gauss" – CNN Security Clearance - CNN.com Blogs
 
Shamoon virus goin' fer the power grid...
:eek:
Shamoon virus targets energy sector infrastructure
17 August 2012 - A new threat targeting infrastructure in the energy industry has been uncovered by security specialists.
The attack, known as Shamoon, is said to have hit "at least one organisation" in the sector. Shamoon is capable of wiping files and rendering several computers on a network unusable. On Wednesday, Saudi Arabia's national oil company said an attack had led to its own network being taken offline. Although Saudi Aramco did not link the issue to the Shamoon threat, it did confirm that the company had suffered a "sudden disruption". In a statement, the company said it had now isolated its computer networks as a precautionary measure. The disruptions were "suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network", a statement read. It said the attack had had "no impact whatsoever" on production operations.

Rendered unusable

On Thursday, security firms released the first detailed information about Shamoon. Experts said the threat was known to have hit "at least one organisation" in the energy sector. "It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable," wrote security firm Symantec. The attack was designed to penetrate a computer through the internet, before targeting other machines on the same network that were not directly connected to the internet. Once infected, the machines' data is wiped. A list of the wiped files is then sent back to the initially infected computer, and in turn passed on to the attacker's command-and-control centre. During this process, the attack replaces the deleted files with JPEG images - obstructing any potential file recovery by the victim.

'Under the radar'

Seculert, an Israel-based security specialist, also analysed the malicious code and concluded that it had unusual characteristics compared with other recent attacks. "The interesting part of this malware is that instead of staying under the radar and collect information, the malware was designed to overwrite and wipe the files," the company said. "Why would someone wipe files in a targeted attack and make the machine unusable?" Shamoon is the latest in a line of attacks that have targeted infrastructure. One of the most high-profile attacks in recent times was Stuxnet, which was designed to hit nuclear infrastructure in Iran. Others, like Duqu, have sought to infiltrate networks in order to steal data.

BBC News - Shamoon virus targets energy sector infrastructure
 
New 'Flame' Virus Found; EU Boosts Iran Sanctions...
:eusa_eh:
EU okays fresh Iran sanctions; new version of Flame virus uncovered
Oct 15, 2012 - New sanctions on banking, shipping and industrial sectors mark one of EU's toughest moves against Tehran's nuclear drive. Kaspersky Lab says 'miniFlame' designed to steal data, control infected systems
European Union governments on Monday agreed on further sanctions against Iran's banking, shipping and industrial sectors, cranking up financial pressure on Tehran in the hope of drawing it into serious negotiations on its nuclear program. The decision by EU foreign ministers reflected mounting concerns over Iran's nuclear intentions and Israeli threats to attack Iranian atomic installations if a mix of sanctions and diplomacy fails to lead to a peaceful solution.

EU foreign policy chief Catherine Ashton said she hoped that turning up the heat on the Islamic Republic would persuade it to make concessions and that negotiations could resume "very soon." "I absolutely do think there is room for negotiations," said Ashton, who represents the United States, China, Russia, Britain, France and Germany in their on-and-off talks with Iran. "I hope we will be able to make progress very soon."

The new sanctions mark one of the EU's toughest moves against Iran to date and a significant change of policy for the 27-member bloc, which has hitherto focused largely on targeting specific people and companies with economic restrictions. The EU has lagged the United States in imposing blanket industry bans because it is concerned not to punish ordinary Iranian citizens while inflicting pain on the Tehran government.

Iran maintains that its nuclear project has only peaceful energy purposes and has refused in three rounds of talks since April to scale back its uranium enrichment activity unless major economic sanctions are rescinded. But governments in Europe and the United States, doubting Iran's preparedness for more than dilatory "talks about talks", are instead tightening the financial screws on Tehran and fears of a descent into a new Middle East war are growing.

More EU okays fresh Iran sanctions; new version of Flame virus uncovered - Israel News, Ynetnews
 
