The most complex malware attempts suicide and forensic cleansing.
You read that right: the creators of the Flame malware have sent a 'suicide' command that removes it from some infected computers.
You have probably heard about 'Flame' by now, the extremely complex malware that was designed to steal stored files and information about targeted systems, and was part of a massive targeted cyber-attack in the Middle East.
Well, now the people behind it have sent a suicide code which removes it from some infected computers!
Also, it was revealed that Flame was designed by world-class cryptographers.
Earlier this week Symantec noticed that some Flame command and control (C&C) computers sent an urgent command to the infected PCs they were overseeing.
Flame's creators do not have access to all their C&C computers as security firms have won control of some of them.
The "suicide" command was "designed to completely remove Flame from the compromised computer", said Symantec.
The command located every Flame file sitting on a PC, removed it and then overwrote memory locations with gibberish to thwart forensic examination.
"It tries to leave no traces of the infection behind," wrote the firm on its blog.
Analysis of the clean-up routine suggested it was written in early May, said Symantec.
So, that gives us some hints about who created it:
According to cryptographic experts, Flame is the first malicious program to use an obscure cryptographic technique known as "prefix collision attack". This allowed the virus to fake digital credentials that had helped it to spread.
The exact method of carrying out such an attack was only demonstrated in 2008 and the creators of Flame came up with their own variant.
"The design of this new variant required world-class cryptanalysis," said cryptoexpert Marc Stevens from the Centrum Wiskunde & Informatica (CWI) in Amsterdam in a statement.
The finding gives support to claims that Flame must have been built by a nation state rather than cybercriminals because of the amount of time, effort and resources that must have been put into its creation. It is not yet clear which nation created the program.
You can find more info about the recent malware findings at the Symantec blog linked below!
NEWS SOURCE #1: Technology #18365844 (via) BBC News
NEWS SOURCE #2: Flamer Urgent Suicide (via) Symantec
Our thanks to 'Gauss' for this news item!




