The Flame: Questions and Answers

Discussion in 'malware problems & news' started by Dermot7, May 28, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    https://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Another article on Flame here:
    http://www.jpost.com/MiddleEast/Article.aspx?id=271709
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Depending on who's behind it this may become a trend. While it's definitely easier to just exploit 3 month old Java vulnerabilities and get some money clickjacking an advanced campaign like this can apparently go on for years unnoticed.

    Flashback trojan was massive but they burnt out fast. Something like this (and there have been others like this in the past) would take longer to develop but could potentially provide long term cash flow.
     
  4. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    http://www.securelist.com/en/blog?weblogid=208193522#

    ~ Copyrighted Image Removed ~
     
    Last edited by a moderator: May 29, 2012
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  6. Wow. Nice find Hungry Man. That is mostly over my head, but still an extremely interesting read.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Use of Windows in "important" facilities = hmmmmm.
    USB drives allowed in "important" facilities = fail.
    Mrk
     
  8. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,073
    There goes the hype of Windows 7 being a secure OS. I really wonder if Windows 7 has a back door. If this was created 5 years ago, I wonder whats floating around now.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    No backdoor, just user negligence.
    Nothing special there.
    Mrk
     
  10. amvlad

    amvlad Registered Member

    Joined:
    Aug 3, 2011
    Posts:
    14
    Location:
    Romania
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Right. Exploits in Microsoft code = the users fault. You know it's very likely there's a 0day involved here?
     
  12. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    https://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers
    Active and unknown since 2010 :ninja:
    Hopefully this malware isn't targeting home users in large scale...
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I'm bored.

    Windows 7 being a secure operating system differs from being an impenetrable operating system.

    Flame being active since 2010 has nothing to do with Windows being insecure or not. I ask: Those who are victimized, did they have proper security measures in place, even if some 0-day existed? Just because a 0-day may have existed, the same is not to say nothing could be done about it. Did they have anti-execution measures, etc? We know nothing about the security implementation in those facilities, except that they allowed external USB devices.

    You know, you can't always blame the system.

    Then again, I doubt Linux kernel servers are running on Windows..., still they got hacked... by script kiddies.

    At least these hyped Windows events are targeted attacks and done by very clever people. :D
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Why not?

    lol well... hacking a server is not like hacking a user. Especially since it's usually the service running on top of the server that allows for entry.
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    The only zero day is someone plugging in their stupid USB in an important machine, which was configured to run every piece of crap, plus probably unpatched, plus most likely Windows. Sensational, wooooow!

    You can enjoy the fictional drama if you want.

    Mrk
     
  16. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Yes there is no 0-day malware out there. AHEM *cough*. Doesn't suprise me, there is probably a lot more out there than this.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Uh, no. That's the long-patched exploit Stuxnet used. Fully patched Windows 7 machines have been infected.

    If you don't understand why this piece of malware is different you either aren't looking or... I really don't know.
     
  18. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Now it's out we can look forward to every script kiddie/bot owner using it or a variant.
     
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  20. tomazyk

    tomazyk Guest

    And from F-secure: http://www.f-secure.com/weblog/archives/00002371.html

    There is even something we can understand as mea culpa:
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Because someone in the security industry says so doesn't make it true.
    It says "might have been infected" which is equal to "wild speculation."
    I am looking and it's no different than any other piece of code. OK, code, so?
    Apparently, the security scene is boring now, so someone needs a bit of news.
    Remember conficker, how it was so awesome and superb and ... boring.

    And all of that is irrelevant. The whole point is - someone is using Windows, badly secured at that, for their critical installations. Right. That's the whole point.

    Mrk
     
    Last edited: May 29, 2012
  22. Hungry Man: you do realize there have been Linux zero-days? This local one for instance allowed all security mechanisms, including SELinux, to be bypassed in one go. If anyone had been interested they could have written a Linux trojan.

    If OSes were cheeses, Windows would be casu marzu... But Linux would still be Swiss.
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm well aware of Linux having exploits lol I'm just explaining that hacking a server is different. edit: If I recall correctly the SELinux bypass was because of a really stupid configuration - part of the reason I don't like SELinux, the policy is too complicated. But removing a single line was enough to stop that. There have been a few local SELinux bypasses so I may be confusing them.

    IDK how to even respond to this. Duh? We're taking it at face value as with virtually every other piece of information we obtain online.

    Or, it's equal to "might have been infected."

    I'm sure the media will hype it and try to profit. That doesn't somehow mean that this malware isn't sophisticated or different from what we typically see.
    Except, according to the source, you can have a fully patched OS and still be infected. What being patched does is prevents some of the propagation methods. This malware is pretty large.
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    What has a fully patched os got to do with?
    You take a binary and execute!
    Boom, end of story.

    You plug in your USB. You let Autorun run ... done. Simple.

    Mrk
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Disabling Autorun is perhaps a key "patch" ;)
     
Loading...
Thread Status:
Not open for further replies.