Flamer worm

Forum for analysis and discussion about malware.
Post Reply
User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Flamer worm

Post by rkhunter » Mon May 28, 2012 10:41 am

Flamer worm - Iran claims to discover new Stuxnet-like malware
The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted malware attack attacking the country, which it has dubbed Flamer.
http://nakedsecurity.sophos.com/2012/05 ... n-malware/

User avatar
R136a1
Forum Admin
Posts: 218
Joined: Wed Jul 13, 2011 4:30 pm
Location: Netherlands

Re: Flamer worm

Post by R136a1 » Mon May 28, 2012 12:17 pm

By the way, the original article lists 2 more files:
http://certcc.ir/index.php?name=news&fi ... e&sid=1892

Sooner or later some AV will pick up a sample, so let's see...

frame4-mdpro
Posts: 40
Joined: Wed Jul 13, 2011 1:53 am

Re: Flamer worm

Post by frame4-mdpro » Mon May 28, 2012 1:14 pm

More info emerging -- this time from the CrySyS Lab, who name it "sKyWIper".
PDF contains the hashes for the malware components as well.

http://www.crysys.hu/skywiper/skywiper.pdf

User avatar
Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Flamer worm

Post by Xylitol » Mon May 28, 2012 1:48 pm

You do not have the required permissions to view the files attached to this post.
Last edited by Xylitol on Mon May 28, 2012 2:00 pm, edited 1 time in total.

User avatar
R136a1
Forum Admin
Posts: 218
Joined: Wed Jul 13, 2011 4:30 pm
Location: Netherlands

Re: Flamer worm

Post by R136a1 » Mon May 28, 2012 1:54 pm


User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Flamer worm

Post by rkhunter » Mon May 28, 2012 2:07 pm

Hmmm, interesting, international cyber-malware-wars become more and more...

User avatar
kmd
Posts: 269
Joined: Mon Mar 15, 2010 4:09 am
Location: Russian Federation

Re: Flamer worm

Post by kmd » Mon May 28, 2012 2:09 pm

hehe, perfect time for av marketing, ooppps kaspersky already did it :D This time super-puper spy malware even without zerodays on board which makes it somehow uninterested. btw for me is bizzare how guys from av company pushes this yet another overrated crap and missing overall the main point -- systems protected by their products were vulnerable as well as any others :lol:

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Flamer worm

Post by rkhunter » Mon May 28, 2012 2:13 pm

Symantec - Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East
http://www.symantec.com/connect/blogs/f ... iddle-east

User avatar
rkhunter
Posts: 1155
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Contact:

Re: Flamer worm

Post by rkhunter » Mon May 28, 2012 4:08 pm

frame4-mdpro wrote:More info emerging -- this time from the CrySyS Lab, who name it "sKyWIper".
PDF contains the hashes for the malware components as well.

http://www.crysys.hu/skywiper/skywiper.pdf
Really great analysis! Seems Kaspersky, Symantec just copy-paste from it.

User avatar
EP_X0FF
Global Moderator
Posts: 4811
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Flamer worm

Post by EP_X0FF » Mon May 28, 2012 7:17 pm

http://lenta.ru/news/2012/05/28/flame/

Does not really matter now was it collaboration or copy-past :) Pionner title goes to Kaspersky.
Ring0 - the source of inspiration

Post Reply