The latest malware threat going around the world is Flame. Security Affairs has published an article that explains the functions of the Flame malware. Flame is not the first malware that has hit Iran. Each time Iran is targeted by malware it gets published on the internet and then receives wide media attention. We can tell this by looking at the history of malware attacks on Iran, such as the Stuxnet malware, the Duqu malware and Viper.
This news gets blown up so badly that the focus on other threats disappears. In the same period that the Flame malware arrived, news was published that the Chinese regime has backdoor access to every U.S. military chip manufactured in China. These chips are used in systems for weapons, nuclear power plants and public transport.
Cyber weapons are being manufactured and sold
We all read about the use of cyber weapons to cripple or demolish specific groups or countries. What we don't get from the media is who gave the order to create such a cyber weapon, who coded and manufactured it, and who is in control of it. There is a big and growing market in the trade of cyber weapons.
Big guys: The cyber weapon arms dealers
Big-impact viruses are created on specific request. These kinds of malware need production houses and big investors to have an impact. Stuxnet, Viper, Duqu and Flame are great examples of how these cyber arms dealers are active.
Stuxnet targeted Siemens industrial software and equipment. Stuxnet was the first malware to include a programmable logic controller rootkit. This means that the creators of Stuxnet had done their research on Iran and Siemens equipment or that someone had provided them the information.
Then we had the Duqu virus, the brother of Stuxnet. Duqu is a modified version of Stuxnet, and it targeted Microsoft Windows systems using a zero-day vulnerability. Duqu was designed to spy on industrial control systems.
The Viper virus managed to take some key installations offline for a short period, including the Kharg Island terminal control systems, which handle the bulk of Iran's oil exports through the Persian Gulf.
Flame, a highly sophisticated piece of malware, has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.
The malware, discovered by Russia-based antivirus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.
Chief security expert Alexander Gostev
Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies. "It's a very big chunk of code. Because of that, it's quite interesting that it stayed undetected for at least two years," Gostev said. He noted that there are clues that the malware may actually date back to as early as 2007, around the same time period when Stuxnet and Duqu are believed to have been created.
Zero day exploit
There are multiple black markets on the internet where you can get zero-day exploits. Dancho Danchev is one of the security experts who keeps an eye on these markets. He says that you can buy your own malware at several prices, starting from 100 dollars and going up to an easy 20,000 dollars. The zero-day exploits are then used to infect your computer with malware.
McAfee has published a report describing the growth of credential-stealing malware. Cyber crooks sell malware software kits and rent out the use of botnets, according to internet security specialists and law enforcement. There was also a rise in malware aimed at mobile gadgets running Google-backed Android software and at Macintosh computers running Apple operating systems, according to the report.