Skip to main content

Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remained unchanged.

Do we need to worry about the `Flame´ malware?

Release Date: 1 Jun 2012 4022 Views

Flame, also named Flamer and SkyWiper, has widely captured the media attention as it is believed that the malware is related to cyber warfare among nation states. Upon the analysis of the malware, it has low impact to the general public in Hong Kong.

 

What is Flame?

 

Flame is a sophisticated, trojan-like, espionage malware, capable for stealing data, sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, compiling a list of nearby Bluetooth devices, collect and upload information, and many more. Flame can spread via USB drive and network share.

 

What are the Impacts of Flame?

 

Currently, the impact to general public users in Hong Kong is low. Most studies found that Flame now mainly targets Middle-east countries. According to a security vendor, there are reported incidents of Flame in Hong Kong and it is believed that the infected machines might be used by some travelers who visited Hong Kong. Based on the current studies, there are thousands of  machines found to be infected with Flame. Additionally,  Flame is being studied among Security vendors, and its signature is created and updated in most of their products. Hence, the chance of getting infected with Flame in Hong Kong is low.

 

Am I Infected?

 

One may perform Online or Offline Scanning to determine whether is infected:

  • Online Scanning
  1. With the existing security software, ensure the signature is up-to-date, and then perform scanning on the suspected computer.
  2. Use online scanning tools provided by most of the Security Vendors to perform scanning on the suspected computer.
  • Offline Scanning
  1. Use non-infected computer to download Microsoft Safety Scanner and save it in a USB storage device.
  2. Make sure the suspected computer is offline and isolated (not connected to the Internet/ intranet)
  3. Transfer the Microsoft Safety Scanner from a USB storage device to suspected computer
  4. Perform scanning on the suspected computer. 

 

What to do if I am infected?

 

 Most of the anti-virus software would be able to remove the malware once it recognizes the malware. However, we recommended to re-install the computer as complete solution to avoid unknown impact from the malware.

 

APT Attack

 

After uncovering Flame, people relate it with Stuxnet and Duqu, which were reported to target Iran. Researchers usually regard these 3 pieces of malware made for advanced persistent threat (APT) attack.

 

People launching an APT attack already had a specific target, which can be an organization or even a country. The attacker will penetrate into the target system persistently to collect intelligence for very long period before launching the attack. In the case of Stuxnet, the malware infiltrated into some Iranian nuclear plants and took them down.

 

It is unlikely Flame would make an impact to the general public in Hong Kong. Nevertheless, we should pay more attention to the development of those APT malwares, which are potential threats to critical infrastructure in the long run.

 

Reference: 

1. http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers