Towards the end of last month it was announced that researchers had discovered what was thought to be the most complex piece of targeted malware ever seen, designed specifically to steal data from computers in countries such as Iran and Israel.
According to the Russian security firm Kaspersky Lab, the malware (which has been named Flame) is thought to have been operating since as far back as August 2010. Kaspersky discovered it accidentally while helping the UN's International Telecommunication Union investigate another piece of malware known as Wiper.
Since its discovery, various security firms have been monitoring and analysing Flame's activity using honeypots, deliberately exposed computers set up to be infected. One of them, Symantec, noticed earlier this week that some of the Flame C&C (command and control) servers had sent an urgent command to compromised machines: essentially a "suicide" command designed to remove Flame completely from every computer it had infected.
On receiving the command, Flame locates every file belonging to the malware on the infected computer, overwrites each one with random characters and then deletes it, to thwart forensic examination.
Since its discovery, researchers have been constantly analysing Flame's code (the recovered binaries, since no source code is available) and have been struck by its complexity. According to cryptographers, Flame is the first known piece of malware to use an obscure cryptographic technique, a "chosen-prefix collision attack" against the MD5 hash function, to forge a digital certificate that passes as legitimately signed. The forged certificate is what let Flame spread itself.
Cryptographers say there has been only one other instance of such an attack being carried out in practice, a demonstration back in 2008. Flame, however, uses a new variant of the attack, one that would have required world-class cryptanalysis.
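As an added illustration, not part of the original article or of any researcher's work it cites, the Python below uses the MD5 collision pair published by Xiaoyun Wang and colleagues in 2004 to show why a hash collision lets one signature cover two certificates. A certificate signature is computed over the hash of the certificate body, and in a Merkle-Damgård hash such as MD5 two colliding messages of equal length keep colliding when the same bytes are appended to both, so everything after the colliding blocks can be shared by the legitimate and the forged certificate. The pair shown is an identical-prefix collision; the chosen-prefix variant Flame needed, where the two messages may start with different attacker-chosen content, is far more expensive to compute and is not reproduced here. The "certificate tail" is a constructed stand-in, not real X.509 data.

```python
import hashlib

# Published MD5 collision pair (Xiaoyun Wang et al., 2004): two different
# 128-byte messages with the same MD5 digest. Quoted from the public
# literature, not computed here.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for the certificate fields that would follow the
# colliding blocks (validity, subject, extensions ...). Not real X.509 data.
CERT_TAIL = b"validity=2010..2012; subject=constructed-example; extensions=..."


def differing_positions(a: bytes, b: bytes):
    """Indices at which the two messages differ (six bytes for this pair)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def digests_collide(a: bytes, b: bytes, algo: str) -> bool:
    """True if the two inputs hash to the same digest under `algo`."""
    return hashlib.new(algo, a).digest() == hashlib.new(algo, b).digest()


def collision_survives_suffix(a: bytes, b: bytes, suffix: bytes, algo: str) -> bool:
    """Merkle-Damgard extension property: if a and b have equal length and
    collide, then a+suffix and b+suffix collide as well, because the
    compression function resumes from an identical chaining value. This is
    what lets a forger place the colliding blocks early in a certificate
    body and share every later field with the certificate the CA signed."""
    assert len(a) == len(b) and digests_collide(a, b, algo)
    return digests_collide(a + suffix, b + suffix, algo)


def signature_transfers(signed_body: bytes, other_body: bytes, algo: str) -> bool:
    """A hash-then-sign signature issued over `signed_body` also verifies on
    `other_body` exactly when their digests agree. Modelled on the digest
    alone: the RSA step is a deterministic function of the digest, so it
    adds nothing to the argument."""
    return digests_collide(signed_body, other_body, algo)


if __name__ == "__main__":
    print("bytes that differ:", differing_positions(M1, M2))
    print("MD5 collides on the raw pair:", digests_collide(M1, M2, "md5"))
    print("MD5 still collides with a shared tail:",
          collision_survives_suffix(M1, M2, CERT_TAIL, "md5"))
    print("MD5 signature on body 1 verifies on body 2:",
          signature_transfers(M1 + CERT_TAIL, M2 + CERT_TAIL, "md5"))
    print("SHA-256 collides on the same pair:",
          digests_collide(M1, M2, "sha256"))
```

The last line is the practical caveat: the same pair that breaks MD5 does nothing against SHA-256, which is why the defence against this class of forgery is to refuse certificates whose signature algorithm still uses MD5 rather than to inspect the certificates themselves.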
The findings uncovered by researchers support claims that Flame was almost certainly created by a nation state conducting cyber espionage. What isn't clear is which nation built it, and that is something we may never find out.