Kaspersky Lab has reported a further variant of the Flame malware. In a blog entry it is called “miniFlame” or SPE. The software has been known since July, but was thought to be a module of Flame.
The experts write: “During an intensive analysis of the structure of Flame's command and control server in September 2012, it turned out that miniFlame can be used as a standalone program and works as a plug-in for Flame and Gauss.” It works as a backdoor Trojan that specializes in data theft as well as direct access to infected systems.
“miniFlame is a high-precision attack weapon. Most likely, it acts as a second wave of a cyber attack,” said Alexander Gostev, Chief Security Expert at Kaspersky Lab. “First, Flame or Gauss are used to attract as many victims as possible and a large amount of information. After an initial review of the data, victims of potential interest are identified and miniFlame is installed in order to perform in-depth monitoring and cyber espionage. The discovery of miniFlame is for us a further confirmation of the assumption that the work of the best known developers cyber weapons. Stuxnet, Duqu, Flame, and Gauss’
According to Kaspersky, the development of miniFlame began in early 2007 and continued until late 2011. So far, six variants have been identified, which are at version stages 4.x and 5.x. There are likely many more.
miniFlame's infection rate is substantially lower than that of Flame or Gauss. According to Kaspersky Lab's data, probably only about 10 to 20 machines have been infected. The total number of infected computers worldwide is put at 50 to 60. miniFlame is perhaps used for highly targeted cyber espionage, on computers that were already infected with Gauss or Flame.
Among its data-theft functions is the ability to create screenshots, especially while a browser, Microsoft Office, Adobe Reader, an instant messenger or an FTP client is running. miniFlame uploads the data to C&C servers that are also used by Flame. At the request of the miniFlame operator, an additional module can be sent to an infected system; it infects USB drives and uses them to store the data stolen from infected computers without an Internet connection.