miniFlame: the Flame trojan’s little brother
Kaspersky Lab has detailed a small, highly-specialised trojan that has been identified as belonging to the Flame spyware worm family. The trojan, which has been dubbed “miniFlame”, was detected during the investigations into Flame, Gauss and Duqu in early July 2012.
Kaspersky Lab said that the detected malware was initially believed to be an early version of Flame, but, following a detailed analysis of the protocols involved, this assumption turned out to be wrong. miniFlame is a separate spyware trojan and was apparently created in the same trojan lab that built Flame and Gauss. The researchers believe that it was developed in parallel with these trojans in 2010 and 2011.
Kaspersky’s analysis concludes that miniFlame plays a special role within the Flame family. While it is viable as a stand-alone trojan, it can also be used as a plugin for Flame and Gauss. This means that Flame and Gauss can load miniFlame, for example, in order to obtain access to an infected computer.
An attack involving Flame, Gauss and miniFlame essentially plays out like this: first, Flame and Gauss are used to infect as many targets as possible. Then, the attackers collect their victims’ data and use this information to identify targets that could be particularly worthwhile. As a final step, the selected victims can then be spied on by the miniFlame trojan on an ongoing basis.
The specialised nature of miniFlame is reflected in the statistics the researchers collected: Kaspersky has detected Flame and Gauss on about 10,000 systems in the Middle East, while miniFlame has only been found on “a few dozen systems in Western Asia”. This confirms Kaspersky’s assumption that miniFlame is being used as a “high precision espionage tool”.
However, the company’s analysis is not yet complete. The experts believe that further trojan variants exist since the command and control servers “speak” three different protocols. One communicates with Flame and a second with miniFlame, but the communication partner of the third one hasn’t been identified yet. Kaspersky is currently using the name “IP” for this “Higgs trojan”. It has been attributed to the same trojan lab that also created Flame, Gauss and miniFlame.
Kaspersky says that the new findings around Flame, Gauss and miniFlame have “probably only scratched the surface” of a large cyber-spy operation that seems to be ongoing in the Middle East. The analysis was carried out on behalf of the International Telecommunication Union (ITU). The German Federal Office for Information Security (BSI) was also involved in the investigation; however, the BSI declined to comment when asked about the exact nature of the involvement by The H’s associates at heise Security.
- Kaspersky Lab Discovers “miniFlame,” a New Malicious Program Designed for Highly Targeted Cyber Espionage Operations, press release from Kaspersky Lab.