Recently, a dangerous virus named Flame has appeared and spread widely in the Middle East. Analyses show that this virus was specially designed to steal important information in the infected countries. Flame has many complex functions, and it is much larger than the earlier Stuxnet or Duqu. Flame’s appearance can be said to be one of the cases marking an inevitable trend: the development of super spyware.
In fact, the trend of developing sophisticated spyware has been apparent since the end of 2010. Bkav experts have carried out a number of analyses of spyware with sophisticated data-stealing functions (functions that Flame later successfully adopted). This spyware can use the user’s webcam to take photos or capture video, and it can also control the sound card to record conversations taking place near the infected computer. It can even connect to a C&C server over HTTPS, creating a separate channel through which hackers can remotely access the victim’s computer from that C&C server and steal any files they want. Moreover, hackers can use the infected computer to intrude into other machines on the same intranet. Currently, apart from Bkav, no antivirus software is able to identify and remove this sophisticated malware, while enterprises’ network security monitoring systems lack the capability to detect dangerous HTTPS connections and alert network administrators. To date, the Bkav radar system has recorded the appearance of this kind of spyware in Germany, Malaysia, Vietnam, the USA, etc.
Clearly, as countries today prepare for cyberwar, they have been concentrating not only on developing destructive malware but also on creating super data-stealing spyware. This is an inevitable trend in the development of malware.
Nguyen Minh Duc
Director of Security Division