
'Flame' malware made to self-destruct after discovery —Symantec


Shortly after it was discovered and made public, the "Flame" (or "Flamer") malware, which security vendors have described as a potent super cyber-weapon, received a command from its creator to self-destruct.
 
According to security vendor Symantec, some Flamer command-and-control (C&C) servers sent an updated command to several compromised computers, to completely remove the malware from the infected machines.
 
"Compromised computers regularly contact their pre-configured control server to acquire additional commands. Following the request, the C&C server shipped them a file named browse32.ocx. This file can be summarized as the module responsible for removing Flamer from the compromised computer. One could also call it the 'uninstaller,'" it said in a blog post.
 
It added that the attackers behind the malware appeared to still be in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers.
 
Also, Symantec said these attackers retained control of their domain registration accounts, which allowed them to host these domains with a new hosting provider.
 
Earlier, Kaspersky Labs said its experts discovered the malware during an investigation prompted by the International Telecommunication Union (ITU), the United Nations' specialized agency for information and communication technologies.
 
"(Flame) is designed to carry out cyber espionage. It can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations," Kaspersky said.
 
Uninstaller
 
Symantec said the browse32.ocx module locates each of the malware's files on disk, deletes it, and then overwrites the space it occupied with random characters, so that the file contents cannot be recovered and used to learn about the infection.
 
"This component contains a routine to generate random characters to use in the overwriting operation. It tries to leave no traces of the infection behind," it said.
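The delete-and-overwrite behaviour Symantec describes is the standard anti-forensic pattern: simply unlinking a file leaves its contents on disk until the blocks are reused, so an uninstaller that wants to leave no traces must overwrite the data first. The following Python routine is an added illustration written for this page; it is not Symantec's analysis and not Flamer's own code. The function name, the sample file and its contents are constructed for the example.

```python
import os
import tempfile


def wipe_and_remove(path, passes=1):
    """Overwrite a file in place with random bytes, then delete it.

    Models the uninstaller pattern described in the article: the malware's
    own file is located, its on-disk contents are replaced with random data
    (one or more passes), and only then is the directory entry removed.
    Returns the total number of bytes overwritten (0 if the file is absent).
    """
    if not os.path.isfile(path):
        return 0
    size = os.path.getsize(path)
    # "r+b" opens without truncation, so the writes land on the blocks the
    # original content occupies instead of being allocated elsewhere.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                chunk = os.urandom(min(remaining, 1 << 16))  # random fill
                f.write(chunk)
                remaining -= len(chunk)
            f.flush()
            os.fsync(f.fileno())  # force the overwrite to the device before unlinking
    os.remove(path)
    return size * passes


def wipe_all(paths, passes=1):
    """Apply wipe_and_remove to a list of file paths; returns per-file byte counts."""
    return {p: wipe_and_remove(p, passes) for p in paths}


def demo():
    """Constructed demonstration on a throwaway file; returns what the test checks."""
    tmpdir = tempfile.mkdtemp()
    target = os.path.join(tmpdir, "sample.bin")     # constructed file name
    payload = b"FLAMER-SAMPLE-DATA\n" * 100           # constructed content, 1900 bytes
    with open(target, "wb") as f:
        f.write(payload)
    written = wipe_and_remove(target, passes=2)      # 2 passes over 1900 bytes
    still_exists = os.path.exists(target)
    second = wipe_and_remove(target)                 # nothing left to wipe
    os.rmdir(tmpdir)
    return written, still_exists, second


if __name__ == "__main__":
    print(demo())
```

Two caveats a forensic analyst would raise about such a module, and about the "no traces" claim in general: overwriting a file in place only destroys the blocks the filesystem currently maps to that file, so copies in a journal, in a copy-on-write snapshot, or in remapped flash cells on an SSD can survive; and the wipe says nothing about indirect artifacts (registry keys, prefetch entries, event logs, network captures) that record the file's existence.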
 
Symantec said the existence of this module is interesting in itself as previously analyzed Flame/Flamer code indicated the existence of a component named SUICIDE, "which is functionally similar to browse32.ocx."
 
A separate article on ZDNet Australia said that on May 28, the day Flame's details began to emerge, requests for Flame's scripts were met with 403/404 errors, "hampering efforts to learn more about the servers behind the malware."  — TJD, GMA News