Meet 'Flame', The Massive Spy Malware Infiltrating Iranian Computers
Map showing the number and geographical location of Flame infections detected by Kaspersky Lab on customer machines. Courtesy of Kaspersky.

A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. The malware, discovered by Russia-based antivirus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years. Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size — the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Kaspersky Lab is calling it “one of the most complex threats ever discovered.”

Flame: a worrying cyberthreat?

Despite a well-documented habit of crying wolf, security vendors agree that Flame is a particularly worrying piece of malware: 'The complexity and functionality of this new threat exceed those of all others to date.' Flame was discovered two weeks ago by Kaspersky Lab's teams following a study commissioned by the American entity International Telecommunication Union. Flame has mainly established itself on the Windows workstations (version 7 included) of the Iranian bodies that manage the country's oil. The virus is not confined to those actors alone and has been deployed across the Middle East: in Iran, Palestine, Sudan, Syria and, to a lesser extent, Egypt, Saudi Arabia and Lebanon. That shows how sensitive the subject is. It is said to have collected, and also deleted, a great deal of confidential data (documents, screenshots, audio recordings and even network traffic).

Researchers identify Stuxnet-like cyberespionage malware called 'Flame'

IDG News Service - A new, highly sophisticated malware threat that was predominantly used in cyberespionage attacks against targets in the Middle East has been identified and analyzed by researchers from several security companies and organizations. According to the Iranian Computer Emergency Response Team (MAHER), the new piece of malware is called Flamer and might be responsible for recent data loss incidents in Iran. There are also reasons to believe that the malware is related to the Stuxnet and Duqu cyberespionage threats, the organization said on Monday. Malware researchers from antivirus firm Kaspersky Lab have also analyzed the malware and found that while it is similar to Stuxnet and Duqu in terms of the geographic propagation and targeting, it has different features and it is, in many ways, more complex than both of those threats. The IDG News Service is a Network World affiliate.

Analysis of Spear-Phishing File

The following is a guest post courtesy of Ned Moran of the Shadowserver Foundation. This post is a technical analysis of the malware used in a spear phishing attack targeting those interested in ICS security. Dale was kind enough to share a copy of the spear phishing email that he posted about here. This spear phish contained a link to a zip file hosted at

File: Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.zip
Size: 1886505

This archive contained an executable with the following properties:

File: Leveraging_Ethernet_Card_Vulnerabilities_in_Field_Devices.pdf.exe
Size: 2192363

When executed in a lab environment this executable installed a Trojan downloader with the following properties:

File: spoolsvr.exe
Size: 73728
Path: C:\Documents and Settings\Administrator\Local Settings\Temp\spoolsvr.exe

As shown by this VirusTotal report, this downloader was only detected by 7 of 42 antivirus products.

GET /logo.html HTTP/1.1
Accept: */*
Connection: Keep-Alive

Researchers identify Stuxnet-like malware called 'Flame'

IDG News Service - Flame, as the Kaspersky researchers call it, is a very large attack toolkit with many individual modules. Reprinted with permission from IDG.net.

The long arm of Microsoft tries taking down Zeus botnets | Deep Tech

Microsoft and financial services organizations, with an escort of U.S. Marshals, seized command-and-control servers Friday to take down botnets allegedly used to steal more than $100 million using an estimated 13 million computers infected with the Zeus malware. After raids in Scranton, Pa., and Lombard, Ill., "some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide," Microsoft announced Sunday night in a post by Richard Domingues Boscovich, senior attorney with Microsoft's Digital Crimes Unit. The defendants allegedly installed the Zeus malware and close relatives called Ice-IX and SpyEye onto victims' computers, according to a lawsuit filed against the alleged Zeus botnet creators and operators last week. To take down the operation, Microsoft also took over Internet traffic that had been used to operate 3,357 botnets, according to the court's temporary restraining order. The seizure was made when the U.S.

Attacks on Iranian oil industry led to Flame malware find

Computerworld - The sophisticated cyber espionage malware known as "Flame" was discovered after computers within Iran's energy industry were wiped clean of data, a security expert said today. "This was discovered during the investigation of a wiping of Iran's gas companies' computers," Liam O Murchu, manager of operations at Symantec's security response center, said in an interview Tuesday. O Murchu was referring to reports out of Iran a month ago, when the country's oil ministry confirmed that servers at several companies had been attacked. Later, other officials there acknowledged that the attacks had been aimed at other government ministries and industries. At the time, Iran admitted that the attacks had crippled some machines by wiping their hard drives, but claimed that it had been able to restore the servers using backups. Reports from Iran's state-backed media said that officials had identified the hackers responsible for the attacks. But there are hints in the code.

A botnet for n00bs

We often imagine that the owners of botnets, who control thousands of computers across the world to send spam, steal passwords or launch DDoS attacks, are little computer geniuses or mobsters hidden in the back room of a cybercafé deep in China or Russia. But that is wrong, because anyone can run their own botnet, with no expertise and no big budget. The proof is Aldi Bot, a piece of malware sold for under €10 in the darkest corners of the net, which lets its owner patiently build up a botnet. Aldi Bot v2.0 can launch DDoS attacks, use a victim's machine as a proxy, steal the passwords stored by Firefox, JDownloader and Pidgin, or remotely execute any binary. The creator of this "botnet maker" even offers a package with remote support for buyers.

Flame virus: United Nations to issue warning against 'world's most powerful computer bug'

'Flame' bug has been used to hack into Iran computers
Trojan superbug 100 times bigger than most forms of malicious software

By David Gardner. Created: 19:47 GMT, 29 May 2012

The virus, called 'Flame', is the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.

The United Nations is set to issue an urgent warning to guard against the most powerful computer virus ever unleashed amid fears it could be used to bring countries to a standstill. In what was being seen last night as the dawn of a new era in cyber warfare, UN computer security chief Marco Obiso said: 'This is the most serious warning we have ever put out.' He was speaking after it was revealed that a massive superbug had been used to hack into computers in Iran. Israel did little to dispute claims yesterday that it was behind the clandestine online assault. Mr. And the Israelis didn't try and deflect blame.

Renting a botnet: how much does it cost?

A study by Verisign (iDefense Intelligence Operations Team) estimated the average cost of renting a botnet. In short, a botnet is a swarm of thousands of computers under the control of a single crook, used to send spam or to attack websites by overloading them (via DDoS). And this "little service" costs on average $9 an hour or $67 for 24 hours. The study covered 25 botnets, so the figures should be taken with a pinch of salt, since the price depends mostly on how many computers are in the botnet. You can rent the whole thing or just a part of it, and prices are very often set according to the customer. Still cheap, isn't it? Here is an example of extortion: “Hello. There are real underground markets that I advise you not to visit. Besides, if you are interested (and you speak English), the BBC made a short report on the subject last year. We really do live in a crazy world :-)

Flame: Another Holiday, Another Super Virus

Another holiday here in upstate New York, another roll of the fire trucks while some were supposed to be kicking back and enjoying a barbecue. It's times like this when I'm glad I'm not in the antivirus business anymore and doubly relieved that none of our machines run Windows. No flames here. Computer security people however may have to reach for the extinguisher this morning as the latest conflagration in the news bounces across their desk, the discovery of yet another "super virus" called "FLAME" as reported by this BBC article. Only problem is that according to Kaspersky, who made the discovery in coordination with the U.N. Here we go... again. FLAME is described by Kaspersky as "one of the most complex threats ever discovered". Stranger yet is that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years.

Botnet TDL4

This news fascinated me... Kaspersky has uncovered a botnet called TDL4 (or TDSS) of more than 4.5 million machines. According to the antivirus vendor, TDL4 was truly designed to reign supreme over its machines thanks to an affiliate scheme that pays the people who (voluntarily) install this malware on other people's machines (who are not really aware of it). In short, a nasty little toy that does real damage and is distributed across countries as follows: TDL4 is used to collect personal data (server credentials, credit card numbers, identity theft, etc.) but also to launch DDoS attacks, etc. Phew!

'No country is safe from Flame super-virus attack' - Kaspersky Labs

The number of locations of Flame infections detected by Kaspersky Labs on their customers' machines. Picture: Kaspersky Labs. Source: Supplied.

A POWERFUL new virus has been uncovered which has been sabotaging government systems for at least five years in the Middle East. The "Flame" program is claimed to be at least 20 times more powerful than any previously known cyber warfare programs. That includes the infamous Stuxnet which attacked Iran’s nuclear program in 2010, causing centrifuges in its new uranium enrichment facility at Bushehr to fail just weeks before it was due to start up. Stuxnet and its successor, Duqu, have been fingered as viruses so powerful they could only have been created by a state. Flame was discovered by security company Kaspersky, which claims it has been mining Middle East government systems since at least 2010.

A snippet of malware code shows why the virus has been dubbed 'flame'.

How 'flame' spreads like wildfire.

A beginner’s guide to building botnets—with little assembly required

Have a plan to steal millions from banks and their customers but can't write a line of code? Want to get rich quick off advertising click fraud but "quick" doesn't include time to learn how to do it? No problem. Building successful malware is an expensive business. In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. The customers of these services often plan more for the short term than the long game played by the big cyber-crime rings. So how easy is it to get into the botnet business? To assemble your list for some of the simplest get-rich-quick schemes, all you need is about $600, a little spare time, and no compunctions about breaking laws to make a profit.

It looks like you’re trying to build a botnet…

Of course, that price is for a particular type of botnet. With my rough estimate in place, it was time to actually start some research of my own.