
Flame - Cyber Espionage



Flame is a highly sophisticated, modular malicious program built for cyber espionage against computers in Iran and other Middle Eastern countries. It opens a backdoor on an infected machine and spreads to other machines over shared network resources and USB drives. Flame steals data from the infected computer and monitors everything the user does on it. It was first identified in 2012 while infections in the Iranian oil sector were being investigated. Flame is considered another dangerous cyber weapon, used by its operators for espionage rather than sabotage.



Flame is believed to have been delivered initially through spear-phishing emails or compromised websites; once inside a network it spreads further through infected USB drives and from infected PCs across the LAN. Rather than a single executable, it is a modular toolkit of about 20 MB that contains encryption routines, multiple libraries, SQLite3 databases for storing collected data, about 20 plugins that give the attackers a platform for adding capabilities, and high-level logic written in the Lua scripting language. It targets computers running Microsoft Windows.



When Flame infects a computer, it collects data files from it, and the attackers can then modify the machine's settings remotely. The malware switches on the PC's microphone and records voice conversations. It also records instant-message conversations, captures keyboard input, and enumerates Wi-Fi and other network connections, storage devices and running processes, and it can extract location data embedded in images saved on the machine. In addition, Flame has a component that sniffs traffic on the infected machine's LAN to harvest credentials, which can give the attacker access to other machines on the network.

Flame is roughly 20 times the size of Stuxnet, and its complexity and functionality surpass it. Unlike a classic worm, however, it does not propagate on its own: its USB and LAN spreading routines are disabled by default and are switched on selectively by the operators through the command-and-control infrastructure.


"we are all now connected by the Internet like neurons in a giant brain" - Stephen Hawking

