Saturday, June 2, 2012

Remember Stuxnet, the incredible weaponized malware that was installed on Iranian computer systems to damage their drive to obtain nuclear weapons?


It is absolutely a Model T compared to the latest attack-dog computer worm.

Read this and tremble: the more a modern society relies on computers and the internet, the more vulnerable it is to things like this. Hopefully our people are implementing equally sophisticated defensive software.


"Once a computer is infected by Flame, the program begins a process of taking over the entire machine. Flame records every keystroke by the user, creating a perfect log of all activity. It takes pictures of the screen every 60 seconds—and every 15 seconds when instant message or email programs are in use. It records all administrative action on the computer—taking note of network passwords, for instance. And it rummages through the computer’s hard drive copying documents and files.

But that’s not all. Flame also takes control of the machine’s Bluetooth capability and turns it into a hub for a small wireless network, bonding with other Bluetooth-enabled devices in the vicinity, such as cell phones. It then uses the Bluetooth connection to case whatever information is on the remote device—say, an address book, calendar, or email list. Most spectacularly, Flame is able to turn on the computer’s built-in microphone and record the user, or anyone else who happens to be chatting in the vicinity.

Flame then compiles all of this information—the passwords, the documents, the keystroke logs, the screenshots, and the audio recordings—encrypts it, and secretly uploads it to a command-and-control server (C&C), where someone is waiting to analyze it.

The first thing the white hats noticed about Flame was its size. Most malware is designed to be tiny—the smaller the package of code, the harder it is for your computer’s constantly updating security protocols to intercept it. It took half a megabyte of code to build Stuxnet, which was a remarkably large footprint by the standards of malware. When completely deployed, Flame takes up 20 megabytes. Which is positively gargantuan.

But Flame is deployed in stages. When it works its way onto a new machine, Flame comes in an initial package of six megabytes. After the worm takes control of the box, it inventories the machine and the surrounding networks, and then begins communicating with a remote C&C server. On the other end of the line, a team takes in the data being sent by Flame, makes a determination of the new host’s value, and then returns instructions to the waiting worm. Depending on what the C&C team see, they might instruct Flame to install any of 14 additional modules—mini add-on programs which, for instance, would give Flame the ability to take over the computer’s microphone or Bluetooth functionality. One module, named “browse32,” is a kill module. When activated by the C&C, browse32 systematically moves through the computer, deleting every trace of Flame’s existence. Its wipe is so thorough that once it’s been triggered, no one—not even computer security techs—can tell if Flame was ever there in the first place."

 
