The creators of the
world's most complicated espionage virus Flame have sent a 'suicide'
command that removes it from some infected computers. U.S. computer
security researchers said on Sunday that the Flame computer virus, which
struck at least 600 specific computer systems in Iran, Syria, Lebanon,
Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten
orders to vanish, leaving no trace.
The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE
that removed all files and folders associated with Flame, but the
purging command observed by Symantec researchers instead relied on a
file called browse23.ocx that did much the same thing. According to
Symantec, the 'suicide' command was “designed to completely remove Flame
from the compromised computer,” the BBC reports.
Computers infected with Flame,
including honeypots, have been routinely contacting its C&C servers
to check for new commands. When the C&C servers still owned by
Flame’s authors recently sent out a self-destruct code, Symantec
detected the command immediately.
Flame was designed to suck
information from computer networks and relay what it learned back to
those controlling the virus. It can record keystrokes, capture screen
images, and eavesdrop using microphones built into computers.
Bots have long contained such
self-destruct mechanisms, so it's not surprising that malware as complex
and comprehensive as Flame would, too.
Source: BBC