/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsSecurity researchers have found a new new cyberespionage tool, linked to the Flame virus has been infecting computers in Lebanon, Iran and elsewhere.
An AFP report quotes Kaspersky Lab, credited with revealing the Flame virus earlier this year, suspecting the new malware as "miniFlame."
According to the Kaspersky Lab report "it was "a small and highly flexible malicious program designed to steal data and control infected systems during targeted cyber espionage operations."
Main findings:
- miniFlame, also known as SPE, is based on the same architectural platform as Flame. It can function as its own independent cyber espionage program or as a component inside both Flame and Gauss.
- The cyber espionage tool operates as a backdoor designed for data theft and direct access to infected systems.
- Development of miniFlame might have started as early as 2007 and continued until the end of 2011. Many variations are presumed to be created. To date, Kaspersky Lab has identified six of these variants, covering two major generations: 4.x and 5.x.
- Unlike Flame or Gauss, which had high number of infections, the amount of infections for miniFlame is much smaller. According to Kaspersky Lab's data, the number of infections is between 10-20 machines. The total number of infections worldwide is estimated at 50-60.
- The number of infections combined with miniFlame's info-stealing features and flexible design indicate it was used for extremely targeted cyber-espionage operations, and was most likely deployed inside machines that were already infected by Flame or Gauss.
Russian-based Kaspersky said miniFlame "is based on the same architectural platform as Flame," widely reported to be part of a US-Israeli effort to slow Iran's suspected nuclear weapons drive.
The smaller version "can function as its own independent cyber espionage program or as a component" inside Flame and related malware.
Unlike Flame, which is designed for "massive spy operations," miniFlame is "a high precision, surgical attack tool," according to Alexander Gostev at Kaspersky Lab.
(SOURCE: AFP)