recommended reading

Flame operators likely behind three other unidentified viruses

Pavel Ignatov/

The masterminds of the Flame malware campaign were at work on three other unidentified viruses, new research reveals. The findings offer further clues of the increasingly aggressive and broadening push by state-sponsored entities to deploy computer viruses on foreign networks, highlighting how the digital domain has grown increasingly militarized.

Flame is a computer espionage tool discovered this year that targeted computers in Iran and other countries in the Middle East. The structure of the virus bears similarities to Stuxnet, a worm that targeted Iranian nuclear systems and was widely believed to have been the handiwork of Israeli and U.S. entities.

Scrutiny of the command and control servers for Flame reveal that more than 10,000 machines were likely to have been infected with the malware and development work dated back as early as 2006. “Based on the code from the server, we know Flame was a project from a list of at least four,” according to a research note from Moscow-based antivirus company Kaspersky Lab. “The purpose and nature of the other three remain unknown.” The firm collaborated with antivirus provider Symantec, German CERT-Bund and security coalition group Impact Alliance.

One malware strain codenamed SPE is apparently “in the wild” because a handful of machines infected with it reached out to a sinkhole -- a network component where traffic gets diverted -- set up by Kaspersky to “talk” to machines infected with Flame.

The Kaspersky researchers also said that tools on the Flame command and control servers were similar to those used by the operators of Duqu, an espionage malware that has infected Sudanese and Iranian machines. “It appears that the people who managed the C&Cs [command and controls] are more familiar with RedHat systems. This reminds us of the Duqu C&Cs which were all based on RedHatCentOS,” according to a Kaspersky note. RedHat makes a variety of commercially available software.

The researchers said that while the Flame control panel interface was designed to look “generic and unpretentious,” much like the systems used by amateurish hacktivist groups to launch sloppy botnet attacks, signs abounded of a deliberately-executed campaign.

Three people, under the leadership of a particularly adept coder, were responsible for the development of the command and control operation. Any data scooped up relied heavily on encryption.

(Image via Pavel Ignatov/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.