An analysis of two newly discovered command-and-control servers sheds new light on the cyber espionage tool known as Flamer.
| Th eFlamer cyber espionage tool that targeted the Middle East has likely been operational for more than five years and as recently as May 2012, according to an analysispublished by security firm Symantec on Sept. 17. Analyzing records from two command-and-control servers discovered by security researchers, Symantec, along with Kaspersky Lab, the International Multilateral Partnership Against Cyberthreat (IMPACT) and the German computer emergency response team (CERT-Bund), found that at least 1,000 systems in the Middle East had been controlled by one machine in March, while the other deleted spyware and erased its trail in May. In addition, data inside the command-and-control (C&C) servers indicated that the software could communicate with five different clients, Flamer plus four others, said Vikram Thakur, principal security response manager with Symantec. It's unclear if those clients are still spying on computers today or are old and outdated, he said. In addition, one of the codes appears to be a placeholder and may not indicate an actual client. "There are codes for five different client types; Flamer is one of those," Thakur said. "We don't know what the other client types are, but clearly the backend code was meant to handle much more than the Flamer that we know of today." The analysis comes after successive revelations about espionage activities being conducted worldwide. In June 2010, a small antivirus firm found the Stuxnet worm, which later investigation revealed to be a cyber-weapon focused on shutting down Iran's nuclear processing capability. Yet it turns out that Stuxnet had only been the latest attack. University researchers found another program, dubbed Duqu, which spied on Middle Eastern governments and companies. Then the researchers discovered a third program, Flame, which preceded both attacks. White House officials later confirmed that the United States had taken part in the development of Stuxnet, according to a book penned by a New York Times writer. While the latest analysis does not shed light on the origin of the programs, it does give some hints as to how the people behind the most studied cyber-attacks operated. For example, both systems used a Web application called "Newsforyou" for communications to make any traffic appear legitimate. The packages used to update the spying software on victims' computers, as well as any downloaded intelligence, were encrypted on the servers and could not be decrypted, Thakur said. While the operators of the command-and-control servers aimed to minimize any trace of their activities. "They were very careful. They went to lengths to make sure that they disabled logging. They made sure that they set up scheduled tasks—cron jobs—to periodically wipe out or shred the data that was logged on the servers, but they missed a good amount," Thakur said. In its own report on the discovery, security firm Kaspersky Lab stated that the Web application was disguised as a news site to hide its true purpose. "The C&C developers didn't use professional terms such as bot, botnet, infection, malware-command or anything related in their control panel. Instead they used common words like data, upload, download, client, news, blog, ads, backup etc.," the company wrote. "We believe this was deliberately done to deceive hosting company sys-admins who might run unexpected checks." Comments in the server software indicate that the Web application was coded by four individuals, whose names were redacted except for the first letters: D, H, O and R. Dates in the comments also indicate that development began on the project in December 2006. The majority of the development was done by January 2007 with additional work completed in September 2007 and in 2011. The analysis shows a good number of mistakes by the developers, who appear to be English speakers, said Thakur. "The comments are in English, [and] typos [are] very much from English," he said. "Overall, the picture is that these are very human guys. They are prone to errors, and don't really care about it and I doubt if too many people [were] going through their code." |
Posts
Thank you for reaching out to us. We are happy to receive your opinion and request. If you need advert or sponsored post, We’re excited you’re considering advertising or sponsoring a post on our blog. Your support is what keeps us going. With the current trend, it’s very obvious content marketing is the way to go. Banner advertising and trying to get customers through Google Adwords may get you customers but it has been proven beyond doubt that Content Marketing has more lasting benefits.
We offer majorly two types of advertising:
1. Sponsored Posts: If you are really interested in publishing a sponsored post or a press release, video content, advertorial or any other kind of sponsored post, then you are at the right place.
WHAT KIND OF SPONSORED POSTS DO WE ACCEPT?
Generally, a sponsored post can be any of the following:
Press release
Advertorial
Video content
Article
Interview
This kind of post is usually written to promote you or your business. However, we do prefer posts that naturally flow with the site’s general content. This means we can also promote artists, songs, cosmetic products and things that you love of all products or services.
DURATION & BONUSES
Every sponsored article will remain live on the site as long as this website exists. The duration is indefinite! Again, we will share your post on our social media channels and our email subscribers too will get to read your article. You’re exposing your article to our: Twitter followers, Facebook fans and other social networks.
We will also try as much as possible to optimize your post for search engines as well.
Submission of Materials : Sponsored post should be well written in English language and all materials must be delivered via electronic medium. All sponsored posts must be delivered via electronic version, either on disk or e-mail on Microsoft Word unless otherwise noted.
PRICING
The price largely depends on if you’re writing the content or we’re to do that. But if your are writing the content, it is $60 per article.
2. Banner Advertising: We also offer banner advertising in various sizes and of course, our prices are flexible. you may choose to for the weekly rate or simply buy your desired number of impressions.
Technical Details And Pricing
Banner Size 300 X 250 pixels : Appears on the home page and below all pages on the site.
Banner Size 728 X 90 pixels: Appears on the top right Corner of the homepage and all pages on the site.
Large rectangle Banner Size (336x280) : Appears on the home page and below all pages on the site.
Small square (200x200) : Appears on the right side of the home page and all pages on the site.
Half page (300x600) : Appears on the right side of the home page and all pages on the site.
Portrait (300x1050) : Appears on the right side of the home page and all pages on the site.
Billboard (970x250) : Appears on the home page.
Submission of Materials : Banner ads can be in jpeg, jpg and gif format. All materials must be deliverd via electronic medium. All ads must be delivered via electronic version, either on disk or e-mail in the ordered pixel dimensions unless otherwise noted.
For advertising offers, send an email with your name,company, website, country and advert or sponsored post you want to appear on our website to advert @ alexa. ng
Normally, we should respond within 48 hours.