recommended reading

Flame operators likely behind three other unidentified viruses

Pavel Ignatov/

The masterminds of the Flame malware campaign were at work on three other unidentified viruses, new research reveals. The findings offer further clues of the increasingly aggressive and broadening push by state-sponsored entities to deploy computer viruses on foreign networks, highlighting how the digital domain has grown increasingly militarized.

Flame is a computer espionage tool discovered this year that targeted computers in Iran and other countries in the Middle East. The structure of the virus bears similarities to Stuxnet, a worm that targeted Iranian nuclear systems and was widely believed to have been the handiwork of Israeli and U.S. entities.

Scrutiny of the command and control servers for Flame reveal that more than 10,000 machines were likely to have been infected with the malware and development work dated back as early as 2006. “Based on the code from the server, we know Flame was a project from a list of at least four,” according to a research note from Moscow-based antivirus company Kaspersky Lab. “The purpose and nature of the other three remain unknown.” The firm collaborated with antivirus provider Symantec, German CERT-Bund and security coalition group Impact Alliance.

One malware strain codenamed SPE is apparently “in the wild” because a handful of machines infected with it reached out to a sinkhole -- a network component where traffic gets diverted -- set up by Kaspersky to “talk” to machines infected with Flame.

The Kaspersky researchers also said that tools on the Flame command and control servers were similar to those used by the operators of Duqu, an espionage malware that has infected Sudanese and Iranian machines. “It appears that the people who managed the C&Cs [command and controls] are more familiar with RedHat systems. This reminds us of the Duqu C&Cs which were all based on RedHatCentOS,” according to a Kaspersky note. RedHat makes a variety of commercially available software.

The researchers said that while the Flame control panel interface was designed to look “generic and unpretentious,” much like the systems used by amateurish hacktivist groups to launch sloppy botnet attacks, signs abounded of a deliberately-executed campaign.

Three people, under the leadership of a particularly adept coder, were responsible for the development of the command and control operation. Any data scooped up relied heavily on encryption.

(Image via Pavel Ignatov/

Threatwatch Alert

Network intrusion / Software vulnerability

Hundreds of Thousands of Job Seekers' Information May Have Been Compromised by Hackers

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.