Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Recently security firm Kaspersky lab has published a new report on the sophisticated nation-state sponsored Flame cyber-espionage campaign. During the research, conducted by Kaspersky Lab in partnership with International Telecommunication Union’s cybersecurity executing arm - IMPACT, CERT-Bund/BSI and Symantec, a number of Command and Control (C&C) servers used by Flame’s creators were analyzed in detail. The analysis revealed new, groundbreaking facts about Flame. Particularly, traces of three yet undiscovered malicious programs were found, and it was discovered that the development of the Flame platform dates back to 2006.

Main findings:

• The development of Flame’s Command and Control platform started as early as December 2006.
• The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
• The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
• The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
• One of these Flame-related unknown malicious objects is currently operating in the wild.
• There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
• There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.

The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Communication Union. Following this discovery, ITU-IMPACT acted swiftly to issue an alert to its 144 member nations accompanied with the appropriate remediation and cleaning procedures. The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domains names) shifted this date two years earlier.

The findings in this particular investigation are based on the analysis of the content retrieved from several C&C servers used by Flame. This information was recovered despite the fact that Flame’s control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of malware. All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers’ code was written in the PHP programming language. Flame’s creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider.

Sophisticated encryption methods were utilized so that no one, but the attackers, could obtain the data uploaded from infected machines. The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame. It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.

Another important result of the analysis is that the development of the Flame C&C platform started as early as December 2006. There are signs that the platform is still in the process of development, since a new, yet not implemented protocol called the “Red Protocol” was found on the servers. The latest modification of the servers’ code was made on May 18, 2012 by one of the programmers.

“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab. 

Here we want to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 

For detailed analysis on Flame's command and control (C&C) servers click Here

-Source (Kaspersky)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled"https://www.voiceofgreyhat.com/2012/09/Full-Analysis-of-Flame-Command-and-Control-Servers-Unraveled.html</a>

Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering

Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering 

Russian anti virus firm & security giant  Kaspersky Lab has released an anti-spam and anti-malware application called Linux Mail Security which can be integrated into different type of Linux-based mail server to fight spam and block malicious attachments. The latest spam-fighting features – including Reputation Filtering and Enforced Anti-Spam Updates Service  help to filter out zero-hour spam, while our new ZetaShield technology helps to shield businesses from zero-day and targeted attacks. Designed for integration with a range of Linux-based mail systems, Kaspersky Linux Mail Security delivers the security, flexibility and ease of management that businesses and ISPs demand. 

Key Features:- 

• Advanced antivirus engine- Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab’s award-winning antivirus engine – with behaviour stream signatures – to help detect and remove malicious attachments from incoming emails.
• 
  
• Zero-Day Exploit and Targeted Attack (ZETA) Shield- Kaspersky’s ZetaShield offers protection against unknown malware and exploits – to defend you from zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).
• 
  

Powerful Anti-Spam Engine- Kaspersky Linux Mail Security provides the latest version of Kaspersky’s anti-spam engine – including two powerful new technologies:

• Enforced Anti-Spam Updates Service – uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By reducing the ‘update window’ from 20 minutes to approximately 1 minute, the Enforced Anti-Spam Updates Service helps to defend businesses against zero-hour spam and spam epidemics.
• Cloud-assisted Reputation Filtering – fights against unknown spam, to enhance the spam capture rate and reduce the number of false positives.

Kaspersky Security Network -The cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users’ systems around the world to help defend your system from the very latest viruses and malware attacks. Potential threats are monitored and analysed – in real-time – to help block dangerous actions, before harm is caused.

Attachment filtering- The new Format Recogniser feature can filter attachments – using information about file type, name and message size. This helps businesses to enforce their email usage policy and can help to address corporate liability issues that can arise when users try to distribute illegal music or video files via the corporate email system.

Improved!Global Blacklists and Whitelists- In addition to creating corporate blacklists or whitelists, administrators can manage ‘allowed’ or ‘denied’ senders email – using IPv4 and IPv6, wildcards and regular expressions.

Personal Blacklists and Whitelists- Users also can create their own blacklists and whitelists.

Backup and personal backup with flexible search -Blocked email is quarantined in a backup system. If the system uses Microsoft Active Directory or OpenLDAP, individual users can access their personal backup via the web so they’re less likely to need to call your helpdesk.

Integration with most popular MTAs (Postfix, Sendmail, Exim, qmail and CommunigatePro)- Kaspersky Linux Mail Security lets you select the method of integration, depending on your choice of Mail Transfer Agent (MTA) – so you can integrate as a filter or using a Milter API.

Antivirus command line file scanner- The Kaspersky Anti-Virus On-Demand Scanner can be used for on-demand virus checking of objects – which can include directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.

Amavisd-new- Kaspersky Linux Mail Security supports integration with Linux mail systems using the high-performance AMaViS interface.

Monitoring and Reporting features- 

• SNMP (Simple Network Management Protocol) support – any type of event can be monitored using SNMP events and traps
• A new dashboard gives an at-a-glance view of status and monitoring
• Detailed, flexible reporting in PDF format – for customisable reports that help in the monitoring and analysis of security and policies
• Notification system – informs administrators and document owners about policy violation incidents
• Detailed logs – on all product actions, to help in identifying problems

Easy to deploy, maintain and manage- 

• System administrators can run manual updates or set the rules for fully automatic updates of antivirus, anti-spam and ZetaShield
• Integration with Active Directory and OpenLDAP
• Rich email traffic management rules – administrators can create rules according to corporate security policies
• IPv6 support
• Scalable architecture – the entire system can be easily migrated from a test server to a production environment

Kaspersky Linux Mail Security will support the following Linux distributions - Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS; 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3, 9.0, Canaima 3.0, Asianux 4 SP1. 

For Detailed Information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering"https://www.voiceofgreyhat.com/2012/09/Kaspersky-Releases-Linux-Mail-Security.html</a>

Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime

Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime

kaspersky lab on Monday has unveiled Kaspersky Internet Security 2013 and promises to help combat the slew of new cyber threats that have emerged this year. This new release is boasting a host of new features including a new anti-spam module, a new Safe Money Mode, antivirus engine, and a simplified user interface.  These include a new Safe Browser mode that activates automatically when the user logs onto a banking sites and isolates the payment operation from other online activities to ensure any transaction made is not monitored. Kaspersky Internet Security 2013 also adds new Secure Keyboard technology to the company's existing Virtual Keyboard tool. The tool is designed to protect the most sensitive data against keyloggers when in Safe Money mode. Kaspersky claims the tool also features a "unique Automatic Exploit Prevention technology targets the most sophisticated threats utilising vulnerabilities in popular software", and a "new antivirus engine with better detection rates for the entire scope of emerging cyber threats".

The new tool also promises to offer protection from zero-day exploits adding "Automatic Exploit Prevention technology" that is designed to address some of the most sophisticated threats. 

"When developing the new versions of our home user products we paid particular attention to the users' needs as well as the threats they face," said Eugene Kaspersky, chief executive of Kaspersky. Kaspersky Internet Security 2013 and Kaspersky Anti-Virus 2013 are set to be released on 28 August, costing £39.99 and £29.99 respectively. Final Versions of Kaspersky Internet Security and Kaspersky Anti-Virus, that fully support Windows 8, will be available immediately upon the release of Windows 8. Meanwhile, for testing purposes, the Technical Preview of Kaspersky Internet Security has been released  that is designed for Windows Consumer Preview. This version of the product is exclusively intended for installation on Windows Consumer Preview, and the product has only been distributed to the most active testers. 

To Download Kaspersky Internet Security 2013 Build (Compatible with Windows 8) Click Here

-Source (Kaspersky & V3)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kaspersky Unveils Internet Security 2013, A Unique Tool To Combat Against Cyber-Crime"https://www.voiceofgreyhat.com/2012/08/Kaspersky-Unveils-Internet-Security-2013.html</a>