

‘Flame’ Virus explained: How it works and who’s behind it - kds
http://www.rt.com/news/flame-virus-cyber-war-536/

======
freehunter
Headline: "How it works and who's behind it"

Article: "So it is unclear who is behind that, and we try not to speculate who
could be behind such attacks."

~~~
zby
Yeah - so disappointing - the article is just link bait with no new
information besides what was already revealed in the original story on
HackerNews a few days ago.

------
gaius
Kaspersky again. I'll refer you to my recent comment
<http://news.ycombinator.com/item?id=4033892>

_It can steal information from the input boxes when they are hidden behind
asterisks_

OMG!!

~~~
kds
Thanks for sharing your opinion - I'd give them credit, though. At least
they've discovered the virus during their investigative research.

------
drtse4
RT, not the best source for any kind of explanation...

------
kds
"_It was actually after an inquiry from the International Telecommunications
Union, which is a part of the United Nations, who actually asked us to start
conducting research_" ... Wow, this sounds serious, indeed.

~~~
freehunter
A little more interesting when they say this wasn't even what the ITU called
them to investigate.

------
drivingmenuts
My guesses are Israel, the US, Russia & China, in descending order.

------
aiscott
Flame is not remotely in the same category as Stuxnet.

The news agencies are confusing capability with complexity. Stuxnet was very
targeted with insider information on esoteric industrial systems. It was
designed to fly under the radar, cause damage to physical systems in such a
way that it would appear to be from "wear and tear."

As I recall, Stuxnet used some compiler shenanigans to obfuscate stackframes
and make it difficult to decompile (after having first decrypted the
executable code).

Flame is written in Lua! A scripting language! So to say that somehow Flame is
going to be hard to analyze is absurd.

It's a 20MB package of the Lua VM, the scripts, and modules like sqlite. It's
about as vanilla of an application as you can get!

They claim this 20MB package size is going to make it super duper hard to
analyze, and yet they have the source code to look at, and while it's a decent
size at 3k lines, it's SOURCE CODE. Not obfuscated machine language.

The coverage on this is just stupid.

Some good information on Flame is at
<http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers>.
It still has the absurd commentary, but at least it gives details on what is
actually there.

~~~
kds
Thanks for the securelist-link. It's indeed a better source for some technical
details, also from a Kaspersky expert... But in the RT-interview
Kaspersky's chief malware expert says things that concur with what you share:
"_There is no reliable relation between Stuxnet and Flame as we call it…they
are completely different. Because Stuxnet was a small application developed
for a particular target with the specific objective to interact with
industrial control systems and break them down. And Flame is a universal
attacking tool kit used mostly for cyber espionage._"

