Thursday 7 June 2012

Flame snuffs itself out

In other news from the cyberwar-front, the epic state-sponsored malware Flame that has recently run amok worldwide has suddenly begun self-destructing.
Image courtesy of wn.com

Late last week, some Flamer command-and-control (C&C) servers sent an updated command to several compromised computers. This command was designed to completely remove Flamer from the compromised computer. The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers. They had retained control of their domain registration accounts, which allowed them to host these domains with a new hosting provider. [Symantec]

According to Kaspersky Labs, only hours after being publicly exposed, the developers behind the massive Flame malware initiated a self-destruct sequence that turned off the command and control infrastructure behind the program.

Flame worked by contacting a number of specific servers that would dish out control-scripts to the program. When the servers went dark shortly after details began to emerge on May 28th, flames functionality effectively came to an end.

Research efforts aimed at investigating the origin and exact purposes of Flame have been substantially hampered by this development.

Check out CNET’s Flame FAQ for more details on the worm.

No comments:

Post a Comment