Posted on Jun 8, 2012 in Software

Kaspersky: The Flame virus cannot affect a normal user


Flame has given people plenty to talk about since its discovery a couple of weeks ago by Kaspersky. The virus is a spy with many skills, such as the ability to use a PC's Bluetooth to steal contacts from mobile devices that are nearby, or to use the microphones to record conversations, for example.

Is it possible that this virus affects the average person by accident? “No,” says Dmitry Bestuzhev, head of research at Kaspersky Lab for Latin America. “Flame is a special module that allows it to self-mutilate. That is, those behind the virus must first do monitoring, and if they see a machine is correct, to prevent this threat from being captured and analyzed, they can send a command to mutilate the virus,” he explains.

- So no ordinary users are affected?

Dmitry Bestuzhev - No. It cannot, because those who are behind Flame control its spread. They seek out their victims and attack them. An ordinary user does not represent an industrial interest, unless you work at the embassy in Iran, or are traveling to give scientific, military, technical or some other kind of consulting; then you could be a victim too.

- How do you know that the information Flame captures is used for espionage?

Dmitry Bestuzhev - Flame has no financial connection; it is not looking to steal any information to turn it into money, no bank accounts, no credit cards. The only thing in Flame is the theft of confidential information of a national, state character. What they want is information that could represent a government, information that is a state secret, and so on.

A very interesting thing is the proliferation, because you can see where it was detected. First, Iran is the main target of attacks. 50% of attacks are in Iran; one might ask, well, what are they doing in Iran? We know the situation of conflict that exists in the Middle East, and also the affected machines are machines that are in the processes of nuclear plants, etc. You can find it on a machine that has no connection to the Internet, but only a local network connection or a very limited Internet connection.

Besides, there is other evidence: Flame's code searches for AutoCAD files. What are AutoCAD files? Drawings.

- It is said that Stuxnet was created by the U.S. and Israel. Can the same be said of Flame?

Dmitry Bestuzhev - There is no clear evidence about who might be behind this threat; however, which threats are similar could provide clues as to which countries are behind it. But there is no evidence that can clearly identify a country; it is speculation so far.

- Would you say that we are in a cyberwar?

Dmitry Bestuzhev - Yes, indeed. When we talk about Stuxnet, it is like a cyberspace missile, because the aim was to destroy things. And not to destroy a laptop, but to destroy the industrial system that is connected to the infected laptop. This clearly shows an intention of an act of sabotage behind it. Something very interesting: as we go back to the past, to when these threats began, we see that Flame has its beginnings at least on March 2, 2006. That is, if we had had this conversation in 2006, people would think we were crazy, that we live in science fiction movies with Bruce Willis, Die Hard, whatever. But today we see that it is a reality.

- If it dates from 2006, why was it discovered only now?

Dmitry Bestuzhev - The reasons are precisely its sophistication. We used two different programming languages, such as Lua, a language very atypical for viruses. It is a language that was invented in Brazil at the Catholic University of Brazil, and writing viruses in this programming language is very complicated. Another reason is that it attacks isolated systems. A researcher cannot get access; I cannot go to Iran and say, “Can you lend me your machines? I have suspicions that your nuclear program may be compromised.” They are not going to hand them over, because if they do they will have problems with internal security in their country.

- Flame and Stuxnet aim at Iran. Are there other virus attacks in other countries?

Dmitry Bestuzhev - Yes, we have detected many launched from China against Tibet. Just today we detected an attack from China on Tibet, disguised with the theme of the upcoming Olympics. The Tibetans try to have a connection to the world, so we see that there are regional attacks that are nevertheless politically motivated.

- Should countries have anti-hacker squads, then?

Dmitry Bestuzhev - There are intentions; Brazil is probably the most intensive in this (in Latin America), because it has announced through the local press that the government is looking to have a cyber division within the military responsible for the protection of that country. There are attempts, but apparently they are not very advanced in this area, probably because of some limitations of the legal framework. Many times the current legislation does not permit a country to do so, and also because of knowledge. There is no lack of desire, or of knowledge itself, but you can always improve.

It is a challenge, because while some countries still underestimate the danger that being connected to the internet poses for the security of a country, others, in exchange for having their industrial infrastructure that way, cannot have absolute control over certain things.

