Flamer Malware Spied on Middle East for More Than Five Years
By Robert Lemos
September 17, 2012
The Flamer cyber-espionage tool that targeted the Middle East has likely been operational for more than five years and was active as recently as May 2012, according to an analysis published by security firm Symantec on Sept. 17.
Analyzing records from two command-and-control (C&C) servers discovered by security researchers, Symantec, along with Kaspersky Lab, the International Multilateral Partnership Against Cyber Threats (IMPACT) and the German computer emergency response team (CERT-Bund), found that at least 1,000 systems in the Middle East had been controlled by one machine in March, while the other deleted spyware and erased its trail in May.
In addition, data inside the C&C servers indicated that the software could communicate with five different clients, Flamer plus four others, said Vikram Thakur, principal security response manager with Symantec.
It's unclear if those clients are still spying on computers today or are old and outdated, he said. In addition, one of the codes appears to be a placeholder and may not indicate an actual client.