W32/Flame-A
Posted: May 29, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 81 |
| First Seen: | May 29, 2012 |
|---|---|
| OS(es) Affected: | Windows |
W32/Flame-A (also known as Skywiper, Flame or Flamer) is a worm and backdoor Trojan that, like Stuxnet, appears to have been designed for intercountry warfare and industrial sabotage. Unless you're a government operative or scientist in the Middle East, chances of your PC being targeted and harmed by W32/Flame-A are low, but there are some indications of W32/Flame-A (most likely inadvertently) spreading to countries in other regions, notably including Eastern Europe. W32/Flame-A's capabilities include keylogging, allowing backdoor access to your PC and the unauthorized transmission of data to and from your computer – all activities that are typical of backdoor Trojans and spyware. Because W32/Flame-A has a highly-advanced defensive feature set that allows W32/Flame-A to react to the presence of anti-malware programs, you should be prepared to go above and beyond normal measures for removing malicious software, and keep your anti-malware scanners updated so that they can adequately detect W32/Flame-A.
W32/Flame-A: Wiping Your Computer Clean as the Clear Blue Sky
W32/Flame-A is believed to be a replacement for Stuxnet in the ongoing war of computer-based sabotage between the US and Israel against Iran. While W32/Flame-A's attacks are generally applicable to causing a wide range of damage, typical behavior for W32/Flame-A includes recording keyboard input to snatch personal information, stealing account passwords and using screenshots to glean additional info from the infected computer. W32/Flame-A also creates serious security vulnerabilities that can be exploited to allow remote servers to control your computer –such attacks, like the rest of W32/Flame-A's activities, don't leave obvious symptoms that can be seen by the naked eye.
Just like its apparent ancestor, Stuxnet, W32/Flame-A can also infect new computers by copying itself to removable media devices such as USB drives. W32/Flame-A is designed for Windows operating systems from Windows 7 all the way back to at least Windows XP, and, as of the time of this writing, PC security companies have only recently begun to develop defenses against W32/Flame-A. This mandates avoiding usage of removable devices and updating your security software in the face of any possible W32/Flame-A infection.
The Tricks in Pinning Down a W32/Flame-A Attack
Beyond the sheer girth of its code and hostile capabilities, W32/Flame-A also has an extra little feature that has lead PC security companies and SpywareRemove.com malware experts to suspect a little government involvement in its development: its reactive defenses towards anti-virus scanners. By default, W32/Flame-A will infect .ocx files – a file type that's reserved for operating systems and software development. However, if W32/Flame-A detects a security program that scans .ocx files habitually, W32/Flame-A will switch to infecting .tmp files.
Since its detection, reputable PC security experts have labeled W32/Flame-A '…the most sophisticated cyber weapon yet unleashed.' Naturally, manual attempts to find or remove W32/Flame-A should never be done without some significant assistance from PC security professionals, and SpywareRemove.com malware researchers personally recommend involving appropriate anti-malware products in any case of suspected W32/Flame-A infection.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:file.exe
File name: file.exeSize: 892.41 KB (892417 bytes)
MD5: b51424138d72d343f22d03438fc9ced5
Detection count: 99
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
file.exe
File name: file.exeSize: 614.4 KB (614400 bytes)
MD5: f47bd1af6f6fbc2559d6ab5069d394eb
Detection count: 95
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
03.exe
File name: 03.exeSize: 29.92 KB (29928 bytes)
MD5: 1f61d280067e2564999cac20e386041c
Detection count: 94
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 20, 2012
noname.dll
File name: noname.dllSize: 188.41 KB (188416 bytes)
MD5: bddbc6974eb8279613b833804eda12f9
Detection count: 4
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: June 20, 2012
Windows\System32\boot32drv.sys
File name: Windows\System32\boot32drv.sysFile type: System file
Mime Type: unknown/sys
Group: Malware file
Windows\System32\ccalc32.sys
File name: Windows\System32\ccalc32.sysFile type: System file
Mime Type: unknown/sys
Group: Malware file
Windows\System32\msglu32.ocx
File name: Windows\System32\msglu32.ocxMime Type: unknown/ocx
Group: Malware file
Windows\system32\mssecmgr.ocx
File name: Windows\system32\mssecmgr.ocxMime Type: unknown/ocx
Group: Malware file
Windows\System32\nteps32.ocx
File name: Windows\System32\nteps32.ocxMime Type: unknown/ocx
Group: Malware file
Windows\System32\soapr32.ocx
File name: Windows\System32\soapr32.ocxMime Type: unknown/ocx
Group: Malware file
Windows\System32\advnetcfg.ocx
File name: Windows\System32\advnetcfg.ocxMime Type: unknown/ocx
Group: Malware file
noname4.dll
File name: noname4.dllSize: 307.62 KB (307620 bytes)
MD5: 75de82289ac8c816e27f3215a4613698
Detection count: 0
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: June 20, 2012
Registry Modifications
HKEY..\..\{Value}HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"Authentication Packages" = "mssecmgr.ocx"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.