While many Americans enjoyed a long holiday weekend, those in the security research community weren’t as fortunate as a new malware attack known as Flame/Flamer/Skywiper became known.
The attack is a complex one that is significantly more complex then either Stuxnet or Duqu and it appears to be targeting the same part of the world, namely the Middle East.
Vikram Thakur, principal research manager at Symantec Security Response told InternetNews that his firm was tipped off to the existence of Flamer by Hungarian research group CrySys (Laboratory of Cryptography and System Security). As it turns out, Symantec already had the Flamer malware file (known to Symantec as W32.Flamer) in their database and it had been detected using a generic anti-virus signature.
“Our telemetry tracked it back at least two years,” Thakur said. “We’re still digging in to see if similar files existed even prior to 2010.”
Thakur noted that Symantec technologies have potentially been blocking Flamer malware for the last two years in a generic way. Rival security vendor McAfee has a slightly different viewpoint on Flamer.
Dave Marcus, Director of Security Research for McAfee Labs, told InternetNews.com that his group started getting alerts over the weekend. McAfee did not however find incidents of Flamer going back years on their equipment. The lack of incidents is likely due to the fact that Flamer is a targeted attack.
“Flamer is the largest piece of malware that we’ve ever analyzed,” Thaker said. “It could take weeks if not months in order to actually go through the whole thing.”