National Computer Board
Computer Emergency Response Team of Mauritius (CERT-MU)
Virus Alert

INTRODUCTORY DETAILS ABOUT WORM32.FLAME VIRUS

A complex targeted cyber-attack known as "Flame" was discovered by the Iranian MAHER Cert on Sunday, May 27 2012. In addition, following an investigation prompted and supported by the International Telecommunication Union, Kaspersky Lab and CrySyS Lab also confirmed the presence of Flame, also known as Skywiper, a sophisticated cyber-espionage toolkit primarily targeting Windows computers in the Middle East. According to Russian security firm Kaspersky Lab, Flame had been operating since August 2010 and it was described as one of the most complex threats ever discovered. Several hours after Flame was announced, the Flame command-and-control infrastructure, which had been operating for years, went dark.

The discovery of complex cyber-attacks is not new. In 2010, there was Stuxnet, a software virus that disrupted the operation of centrifuges at nuclear facilities in Iran. In 2011, Duqu was discovered, a computer worm that was built on much of the same code as Stuxnet, but which concentrated on espionage rather than sabotage, extracting data out of computers that it infected. Now, in 2012, there is Flame, which has a similar purpose to Duqu but is more sophisticated.

Flame has been compared to Duqu since both appeared to target similar geographical regions and have been created for the same purpose. However, researchers have pointed out a major difference in Flame: the Duqu C&C proxies were CentOS Linux hosts, whereas the C&C proxies of Flame are running Ubuntu. The comparison of the Duqu and Flame C&C infrastructure is shown in the table below:

| | Duqu | Flame |
|---|---|---|
| Server OS | CentOS Linux | Ubuntu Linux |
| Control scripts | Running on remote server, shielded through SSH port forwarding | Running on servers |
| Number of victims per server | 2-3 | 50+ |
| Encryption of connections to server | SSL + proprietary AES-based encryption | SSL |
| Compression of connection | No | Yes, Zlib and modified PPMD |
| Number of known C&C's | n/a | 80+ domains |
| Number of known C&C IPs | 5 | 15+ |
| Number of proxies used to hide identity | 10+ | Unknown |
| Time zone of C&C operator | GMT+2 / GMT+3 | Unknown |
| Infrastructure programming | .NET | Unknown |
| Location of servers | India, Vietnam, Belgium, UK, Netherlands, Switzerland, Korea, etc. | Germany, Netherlands, Switzerland, Hong Kong, Tu |