Slashdot Mirror


Precision Espionage MiniFlame Malware Tied To Flame

Gunkerty Jeb writes "Initially thought to be merely a module of the now-infamous Flame malware, MiniFlame, or SPE is, in reality, a secondary surveillance tool deployed against specially identified targets following an initial Flame or Gauss compromise. MiniFlame/SPE was one of three previously unseen pieces of malware discovered during a forensic analysis of Flame's command and control servers. Researchers at Kaspersky Lab and CERT-Bund/BSI determined that the program, which has compromised somewhere between 10 and 20 machines, can stand alone as an independent piece of malware or run as a plug-in for both Flame and Gauss."

9 of 34 comments

  1. Cross your fingers by Sparticus789 · Score: 5, Funny

    I sure hope that an actual person wrote this MiniFlame. Otherwise the virus has become self-aware and is now reproducing autonomously.

    --
    sudo make me a sandwich
  2. Get used to it by crazyjj · Score: 4, Insightful

    The era of governments using malware as part of their standard military/security/intelligence arsenal has arrived.

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
    1. Re:Get used to it by flyingfsck · Score: 1

      No, it arrived a long, long time ago. Ordinary folk only started to take notice now though.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    2. Re:Get used to it by SpzToid · Score: 1

      If nothing else, open-source code and watching how that movie director Robert Rodriguez successfully preaches low-budget artistic control vs. bigger-budget studio-control has taught me how raw talent, motivation, and perseverance can still succeed against 'the odds'. Oh, and fear helps a lot!

      This knowledge I try to use for good given the gifts my life has given to me. Still, others will inherently do otherwise to the best of their abilities.

      After all, it isn't what you have that matters, but what you do with what you have.

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    3. Re:Get used to it by SethJohnson · Score: 1

      "....and watching how that movie director Robert Rodriguez successfully preaches low-budget artistic control vs. bigger-budget studio-control has taught me how raw talent, motivation, and perseverance can still succeed against 'the odds'."

      That dude hasn't made a worthwhile movie since Sin City. He uses low budgets as an excuse for making crappy movies. There was no reason Predators had to suck with that budget. It was all him. He's infatuated by Hollywood's adoration of him. Crammed so many celebrities into Machete, he bloated out the story to fit them all in. Should have turned the camera off when Booth was killed. That was the end of the story that mattered. Same with his career.

      Here's a wonderful music video Robert Rodriguez shot that may or may not be self-aware that it's the story of Rodriguez banging a Hollywood starlet (Rose McGowan) and then stressing over whether or not his kids from his divorce will accept the younger woman. Bob Schneider plays the Robert Rodriguez role while Kat Demming fills in for Rose McGowan. His kid plays himself in the video. I can't tell if he's tipping his hat to Nena with the release of the red balloons at the end or is just outright ripping the ending off.

      Seth

  3. Re:I'm NEVER WORRIED about these things... by Anonymous Coward · Score: 1

    They all are to one degree or another, & most implement the same general concepts for security too. Most used = most attacked. From the perspective of the malware maker/botnet master etc., this makes TOTAL sense (and it's why Microsoft Windows is the most attacked as far as Operating Systems go).

  4. Blowback from this is going to hurt by RoTNCoRE · Score: 1

    Malware like this is unique in warfare in that the payload can be recovered intact, reverse engineered, and deployed for other motives quite easily, and (from my admittedly limited understanding) requires only off-the-shelf technological overhead. I've read several articles here recently about critical-infrastructure-related SCADA equipment needing per-site patches due to backdoors and poor default security settings. Presuming the proliferators of this malware-based espionage are intelligent and can predict the following chain of events, they must have deemed this to be an acceptable risk, or even want it to happen...

    I wonder what the legal liabilities for the originating state(s) are when a modified version impacts their own citizens and infrastructure? It worries me that nations are running headlong into this type of undeclared war. Bioweapons are limited in their usefulness in warfare for this very reason - their propensity to harm non-combatants on both sides. With our dependence on IT and networks in all areas, including the provision of the necessities of life, when this escalates, it won't be pretty.

  5. Re:Is there more out there? by A+Friendly+Troll · Score: 2

    Is there likely to be a lot more of this type of thing out there that just hasn't been discovered?

    Yes.

    There are four known communication protocols (OldProtocol, OldProtocolIE, SignupProtocol, RedProtocol) and four classes of malware (SP, SPE, IP, FL).

    This is SPE. FL was Flame. SP is unknown (though presumed early SPE), IP is also unknown.

    IP uses SignupProtocol. It is presumed that RedProtocol is not yet implemented, although I'd lean towards "not yet discovered".

    This is really, really precisely targeted stuff. Stuxnet went out - supposedly the Israelis modified it and a bug/feature let it spread - but the others were pretty much precisely guided towards the victims. Nobody has any idea what's out there and which operating systems these things are targeting. Given that the creators of this entire malware family have also utilized a completely new hash collision algorithm and managed to do things nobody ever did before, I wouldn't be surprised if there were plenty more malware unknowns where this came from.

    Fascinating stuff. Evil stuff, but incredibly fascinating. To date, nobody has figured out how the malware operators gained access to some Linux servers used for C&C, nor why their first action after logging in was to upgrade OpenSSH.

  6. Re:I'm NEVER WORRIED about these things... by camperdave · Score: 1

    It'd be a whole lot easier to use an OS that isn't so susceptible to malware.

    That's why I use hand-written Action! code on an Atari 800XL, and I never, ever, ever go online.

    --
    When our name is on the back of your car, we're behind you all the way!