W32.Flamer is a worm that spreads through removable drives. It also opens a back door and may steal information from the compromised computer. Highly sophisticated and discreet, the Flamer threat contains code that is on par with Stuxnet and Duqu in complexity. It appears to be the work of a well-funded group targeting Eastern Europe and the Middle East.
Keep up with the latest information on this new threat by subscribing to this thread.
W32.Flamer http://www.symantec.com/security_response/writeup.jsp?docid=2012-052811-0308-99
W32.Flamer!gen www.symantec.com/security_response/writeup.jsp?docid=2012-053007-0702-99
Security Response Blog 1 http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east
Security Response Blog 2 http://www.symantec.com/connect/blogs/painting-picture-w32flamer
Outbreak Page http://www.symantec.com/outbreak/?id=flamer
Fantastic info! Thanks for the post.
Regards,
Aniket
Thumbs up for putting up blogs and articles on one page!
Are you seeing this spread to other geographies and industries yet? What kind of trends have you observed? Would be interested to know this info.
Thanks for sharing information
vikram3500,
these links should answer your queries.
W32.Flamer http://www.symantec.com/security_response/writeup.jsp?docid=2012-052811-0308-99
W32.Flamer!gen www.symantec.com/security_response/writeup.jsp?docid=2012-053007-0702-99
Hello,
Here are the latest blogs from the Symantec Security Response Team:
Flamer: A Recipe for Bluetoothache
http://bit.ly/JRjm5K
W32.Flamer: Spreading Mechanism Tricks and Exploits
http://bit.ly/KxdLiM
Hope that helps!!
Here is the latest blog from the Symantec Security Response Team:
W32.Flamer: Leveraging Microsoft Digital Certificates
http://bit.ly/K8WXun
Do you know if there is some report about the spread in a corporate environment? This virus seems to be limited to government targets.
@riva11, Everything that we can publish publicly is listed in this thread. Keep checking back here for new reports.
Best,
Thomas
All useful info in one place!!!
Hello, Microsoft released a patch (in this Patch Tuesday), KB2718704, for stopping man-in-the-middle attacks from Flamer and others:
http://answers.microsoft.com/en-us/windows/forum/windows_xp-security/kb2718704-connection-to-flame-malware/ca73ce4b-4718-4926-bb86-b21a1762012a
This update should be installed ASAP.
I especially want to thank DCourtel for the link to the MS KB (http://support.microsoft.com/kb/2718704) and Mithun Sanghavi for his link to the blogs: good info.
If anyone is in need of even more reading on flame, OpenDNS also has some interesting comments on this particular bug: http://blog.opendns.com/2012/06/01/unique-insight-into-flame-malware/
On Monday, a single Windows update was downloaded to my computer.
How can I tell if this update was from the W32.Flamer?
At the time I was running Norton Internet Security 2012 in Windows 7.
Go to Add/Remove Programs, check the "Show Updates" box, then scroll down the list looking for KB2718704.
If it is shown, then your system is updated with the security patch.
Thanks, Thomas.
The patch was applied on Monday, the day I noticed the automatic update.
Richard
perfect
Followers of this W32.Flamer thread may also be interested in a related threat, W32.Gauss
https://www-secure.symantec.com/connect/blogs/complex-cyber-espionage-malware-discovered-meet-w32gauss
This new analysis from Symantec Security Response may be of interest to followers of this thread:
Have I Got Newsforyou: Analysis of Flamer C&C Servers https://www-secure.symantec.com/connect/blogs/have-i-got-newsforyou-analysis-flamer-cc-servers
Another new finding from Symantec Security Response may be of interest to followers of this thread:
W32.Flamer.B: Additional Module Discovered https://www-secure.symantec.com/connect/blogs/w32flamerb-additional-module-discovered
Hi Mick,
Thanks for updating the thread.
Cheers,
Threat came out in June, just found it on an old USB drive of mine that was in a storage box.