'miniFlame' Malware Spreading Through Middle East -- Redmondmag.com

'miniFlame' Malware Spreading Through Middle East

By Chris Paoli
10/19/2012

A new Flame malware variant that's designed to steal personal data from a targeted machine was identified by security firm Kaspersky Labs this week.

"The SPE malware, which we call 'miniFlame,' is a small, fully functional cyber-espionage malware designed for data theft and direct access to infected systems," wrote Kaspersky.

Kaspersky said the majority of infected systems were located in Iran and Sudan, and the scope of attack compared to other surveillance malware (Flame, Duqu, Stuxnet, etc.) was much smaller. Kaspersky estimates that between 50 and 60 specifically targeted systems have been infected.

Unlike other Flame variants, miniFlame can either be operated as an independent module, or can be controlled as a dependent component of the Flame and Gauss cyber-espionage malware (in the observed attacks, the malware was utilizing the same C&C servers as Flame for installation).

While the exact method of infection was not discovered, Kaspersky said that due to the systems infected also contained the Flame and Gauss malware, a reasonable assumption would be that miniFlame was downloaded and installed using these two malware groups.

In fact, Kaspersky said it believes that miniFlame was specially created to be a part of the same Flame and Gauss campaign.

""We can assume this malware was part of the Flame and Gauss operations which took place in multiple waves," said Roel Schouwenberg, a senior researcher at Kaspersky Lab, to Computerworld. "First wave: infect as many potentially interesting victims as possible. Secondly, data is collected from the victims, allowing the attackers to profile them and find the most interesting targets. Finally, for these 'select' targets, a specialized spy tool such as SPE/miniFlame is deployed to conduct surveillance/monitoring."

miniFlame's development began in 2007 and concluded this year, according to Kaspersky. And the researchers who discovered the attack said they have witnessed only six of a possible dozen variants of the malware.

As with the initial discovery of the Stuxnet and Flame malware, the exact purpose, including specific information stolen, is still not clear. It is also possible that more variants will be discovered in the coming months.

"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," said Schouwenberg. "Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown."

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.