"Flame"/"Flamer"/"SkyWiper" by name, or "Worm.Win32.Flame.A"/"WORM_FLAMER.A"/"Trojan.Flame.A"/"Win32/Flamer.A"/"Win32.HLLW.Flame.1" in terms of aliases or codenames: I think this many names should justify the power of the recently found malware, which is recognized as the most lethal, powerful and harmful malware ever made in computer history, many times more dangerous than the popular Stuxnet and Duqu. Many of you may already have heard about it somewhere, as it has become the hot topic in the security industry. Some call Flame a Trojan and some a worm, and I guess it is a hybrid of both. So, let us simply call it malware to avoid any confusion. Security companies are revealing shocking facts about Flame, and some of them are here:
- It can take screenshots regularly, or capture the screen when specific programs (such as instant messengers) are run.
- Records audio via the microphone.
- Has a keylogger that logs your keystrokes.
- Sniffs input text boxes and hence can steal your credit information and private details, and can even read passwords hidden behind asterisks.
- It can parse or interpret the information stored in zip, pdf, doc files etc.
- It can collect information about contacts from mobile devices if you use Bluetooth to connect them to the computer. McAfee confirms that this malware targets Nokia and Sony devices.
The captured data is then regularly sent in encrypted form to the remote servers. According to McAfee:
The malware is also very careful to get this information back to the control server: It does this by silently firing up extra instances of Internet Explorer, and injects code into them. This way it can be part of a “trusted” process on the machine, allowing it to circumvent personal firewalls.
It can even update itself with the help of these remote servers. So, those are some of the facts observed, but we still don't know much about Flame. There is so much to be investigated, and I think there will be many more shockers to be revealed. Now that we've seen what it can do, let us see what we can do to avoid Flame infecting our systems.
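The extra Internet Explorer instances McAfee describes leave a trace in process-creation logs: a browser process whose parent is neither the desktop shell nor another browser process. The following is an added example, not code from this post or from any vendor; the event records, field names and the allow-list of expected parents are assumptions constructed for illustration.

```python
# Added example: flag Internet Explorer processes started by an unusual parent.
# Every event below is constructed sample data, not real Flame telemetry.
import ntpath

# Assumption: the only programs expected to start IE on this desktop.
EXPECTED_PARENTS = {"explorer.exe", "iexplore.exe"}
IE_IMAGE = "iexplore.exe"

# Constructed process-creation records (pid, image path, parent image path).
SAMPLE_EVENTS = [
    {"pid": 1204, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 1310, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 2288, "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "parent": r"C:\Windows\System32\services.exe"},
    {"pid": 2296, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"pid": 3020, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\System32\services.exe"},
]


def image_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def suspicious_ie_launches(events, expected_parents=EXPECTED_PARENTS):
    """Group IE process creations by unexpected parent: {parent: [pids]}."""
    hits = {}
    for ev in events:
        if image_name(ev["image"]) != IE_IMAGE:
            continue  # only Internet Explorer launches are of interest
        parent = image_name(ev["parent"])
        if parent not in expected_parents:
            hits.setdefault(parent, []).append(ev["pid"])
    return hits


if __name__ == "__main__":
    for parent, pids in suspicious_ie_launches(SAMPLE_EVENTS).items():
        print(f"{parent} started {len(pids)} Internet Explorer instance(s): {pids}")
```

Expect benign hits as well, for example Internet Explorer started through automation by another program, so tune the allow-list before alerting on it.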
Detection and Removal of Flame/Flamer/SkyWiper:
Now that the whole security industry is aware of Flame, vendors have already written definitions to detect it and completely remove it. Microsoft, AVG, McAfee, Symantec, Kaspersky, Bitdefender, Avira etc… everybody confirms that their products can detect and remove all known variants of Flame. So, using an antivirus and keeping it up to date will keep you safe, but if you are Anti to Anti-virus, then think again, at least to make sure that you aren't infected by this cyber super weapon. But if you still don't want to use an antivirus, then make use of any of the following removal tools to remove Flame.
All these latest happenings remind us of two facts:
- Windows still tops the chart as the most vulnerable Operating System.
- Internet Explorer is still the number 1 target of malware authors. Wake up malware authors! It’s not Internet Explorer! It’s Chrome that has the biggest market share around the globe 😉
So, so… so… QUIT WINDOWS, QUIT INTERNET EXPLORER! (Just kidding :D)
Further Reading: