[LINK] Flame virus (stuxnet 0.1?)
Kim Holburn
kim at holburn.net
Sat Jun 2 10:38:46 AEST 2012
> Flame's significance lies in its complexity, which, when combined with its victims, strongly suggests the resources of a nation-state oversaw its creation.
http://arstechnica.com/security/2012/06/spy-softwares-bluetooth-capabilty-allowed-stalk-of-iranian-victims/
> Spy software's Bluetooth capability allowed stalking of Iranian victims
>
> Flame attackers could even surveil smartphones not infected by the malware.
> Espionage software that was recently found targeting Iranian computers contains advanced Bluetooth capabilities, taking malware to new heights by allowing attackers to physically stalk their victims, new analysis from Symantec shows.
>
> The Flame malware, reported earlier this week to have infiltrated systems in Iran and other Middle Eastern countries, is so comprehensive that security experts have said it may take years for them to fully document its inner workings. In a blog post published Thursday, Symantec researchers dangled an intriguing morsel of information concerning one advanced feature when picking apart a module that the binary code referred to as BeetleJuice.
>
> The component scans for all Bluetooth devices in range and collects the status and unique ID of each one found, presumably so that it can be uploaded later to servers under the control of attackers, the Symantec report said. It also embeds an encoded fingerprint into each infected device with Bluetooth capabilities. The BeetleJuice module gives the attackers the ability to track not only the physical location of the infected device, but the coordinates of smartphones and other Bluetooth devices that have been in range of the infected device.
>
> "This will be particularly effective if the compromised computer is a laptop because the victim is more likely to carry it around," the report stated. "Over time, as the victim meets associates and friends, the attackers will catalog the various devices encountered, most likely mobile phones. This way the attackers can build a map of interactions with various people—and identify the victim's social and professional circles."
>
> By measuring the strength of radio signals broadcast by devices indexed by Flame, attackers in airports, city streets, and other locations might be able to measure the comings and goings of a host of people, the Symantec report goes on to say. It refers to at least one attack that was reported to identify Bluetooth devices more than a mile away. The post says BeetleJuice could be used to upload contacts, text messages, photos, and other data stored on Bluetooth devices, or to bypass firewalls and other security mechanisms when exfiltrating sensitive information.
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request