CyberTech Rambler

July 11, 2012

Flame looks more and more like espionage tool

Filed under: Uncategorized — ctrambler @ 4:36 pm

TheRegister’s write up on security specialists analysis of Flame malware shows me that it is very likely to be a espionage tool. It does several thing that would not had been found in garden variety malware. They include (1) limiting its own spreading in an effort to reduce risk of detection  [I am not saying malwares will not do this, but quite simply the pool of victims out there is so large that it is not worthwhile limiting the spread of one’s malware]; (2) No visible payload but ability to add payload to it [Again, some malware might do this but would be quite rare to have no initial payload]; (3) clean after oneself petty thoroughly [As TheRegister point out, it goes an extra mile”

But the key to me is actually the planning and careful execution of the plan for Flame. It adds a new dimension to malware investigation, i.e., management of the malware. We haven’t seen this dimension taken so seriously before and add a layer of intrigue to the story of Flame.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: