Monday, October 22, 2012

The Story Continues: MiniFlame

In early July 2012, a smaller Flame module was discovered. This module had many similarities with Flame, so at first it was believed that it might simply be an earlier version of the Flame malware. A few months later, it was found not only that a connection exists between this malware and Flame, but also that this module was being used concurrently with Gauss and controlled by the Gauss main module.
Unlike Flame, which is designed for "massive spy operations," miniFlame is "a high precision, surgical attack tool,"
Researchers found that MiniFlame was something of a super-stealth assassin compared to the other programs. Whereas Flame, Duqu and Gauss had large missions to infiltrate multiple computers in countries like Iran, Syria and Lebanon, MiniFlame targeted just a few select victims in what Kaspersky calls “highly targeted attacks.” Kaspersky reported that MiniFlame, while rare compared to the more well-known malware packages, was more likely to show up in a variety of countries, including a computer located at the Francois Rabelais University in Tours, France.
Kaspersky Lab data indicates the total number of infections worldwide is just 50 to 60, including computers in Lebanon, France, the United States, Iran and Lithuania. "Most likely it is a targeted cyber weapon used in what can be defined as the second wave of a cyber attack."

Kaspersky determined that one machine in Lebanon is the lucky recipient of every nasty cyber weapon in the family:
There is one machine in Lebanon – what senior Kaspersky researcher Roel Schouwenberg calls “the mother of all infections” – which has Flame, Gauss, and miniFlame/SPE on it. “It is like everybody wanted to infect that specific victim in Lebanon for some reason,” he says.
The Russian antivirus company believes that there are two more malware packages still in the wild, currently code-named only SP and IP. They may function much like the previously known malicious programs, churning through the guts of target computers for sensitive data to send home to their controllers before they execute the final trick in their arsenal, deleting themselves and vanishing from the infected system as if they’d never been there at all.

MiniFlame operates "as a backdoor designed for data theft and direct access to infected systems," according to Kaspersky, which said development of the malware might have started as early as 2007 and continued until the end of 2011, with several variations.

Finally, to protect yourself:
1- Make sure that your antivirus definitions are up to date.
(I assume that you already use an antivirus.)
2- Continuously monitor all the PCs you use for the Trojan "win32.Gauss".
3- Refrain from using the "Save Password" option that stores your credentials within web browsers.
4- Keep your operating system up to date.
5- Change your password using a trusted, clean computer if you suspect that your PC is or was compromised by Gauss or any other virus.
6- Exercise caution when using external storage devices (CDs, USBs), in order to limit the propagation of Gauss or any other infection.