
On 12/06/12 12-Jun-2012;6:04 PM, Biju Chacko wrote:
More on this, for those not following along:

http://www.wired.com/threatlevel/2012/06/us-and-israel-behind-flame/

Report: US and Israel Behind Flame Espionage Tool
By Kim Zetter
June 19, 2012

The United States and Israel are responsible for developing the sophisticated espionage rootkit known as Flame, according to anonymous Western sources quoted in a news report.

The malware was designed to provide intelligence about Iran's computer networks and spy on Iranian officials through their computers as part of an ongoing cyberwarfare campaign, according to the Washington Post.

The program was a joint effort of the National Security Agency, the CIA and Israel's military, which also produced the Stuxnet worm that is believed to have sabotaged centrifuges used for Iran's uranium enrichment program in 2009 and 2010.

"This is about preparing the battlefield for another type of covert action," a former high-ranking US intelligence official told the Post. "Cyber collection against the Iranian program is way further down the road than this."

Flame was discovered last month by Russia-based antivirus firm Kaspersky Lab, following reports in Iran that malware aimed at computers belonging to that country's oil industry had wiped data from the computers. In trying to investigate that issue, Kaspersky came across components of the Flame malware, which the researcher believed was not directly connected to the malware that wiped the Iranian computers clean but which they believed was created by the same nation states behind Stuxnet.

Kaspersky disclosed last week that Flame in fact contained some of the same code as Stuxnet, directly tying the two pieces of malware together.

According to the Post Flame was designed to infiltrate highly secure networks in order to siphon intelligence from them, including information that would help the attackers map a target network.

Flame, as previously reported, can activate a computer's internal microphone to record conversations conducted via Skype or in the vicinity of the computer. It also contains modules that log keyboard strokes, take screen shots of what's occurring on a machine, extract geolocation data from images and turn an infected computer into a Bluetooth beacon to siphon information from Bluetooth-enabled phones that are near the computer.

Flame exploited a vulnerability in Microsoft's terminal service system to allow the attackers to obtain a fraudulent Microsoft digital certificate to sign their code, so that it could masquerade as legitimate Microsoft code and be installed on a target machine via the Microsoft software update function.

Flame was developed at least five years ago as part of a classified program code-named Olympic Games, the same program that produced Stuxnet.

"It is far more difficult to penetrate a network, learn about it, reside on it forever and extract information from it without being detected than it is to go in and stomp around inside the network causing damage," said Michael V. Hayden, a former NSA director and CIA director who left office in 2009, told the Post.

It's still unclear whether the malware used to attack computers in Iran's oil ministry is the same malware now known as Flame. According to the Post, the attack on the oil ministry computers was directed by Israel alone, a matter which apparently caught US officials off guard, according to anonymous sources who spoke with the newspaper.

Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties.

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE