Talk:Flame (malware)

Latest comment: 2 months ago by Erdemmurder in topic Outdated?

The malware infection in Israel

edit

Infections in Israel were discovered only in computers belong to palestinians (easily confirmed in RS). Also, there are some reports that the malware infected computers in the US and Russia. — Preceding unsigned comment added by 85.64.90.2 (talk) 10:31, 29 May 2012 (UTC)Reply

A link or two would help; I haven't seen that specific claim yet in what I've read (BBC, Wired, etc.). Khazar2 (talk) 10:40, 29 May 2012 (UTC)Reply
A cursory search has turned up only a couple of mentions, and none of these are reliable sources nor do they provide reliable sources for this claim (in fact most seem to be personal blogs). Besides, it would be pretty difficult for a piece of software to determine the race or nationality of its user. I could see there being a chance that it targets computers set to use Arabic, but that's far from singling out Palestinians specifically. Until a reliable source for this is found, let's leave this kind of speculation out of discussion since it could quite easily be considered offensive or inflammatory (i.e., that it's some sort of anti-Palestinian thing created by Zionists). Amity Lane (talk) 00:24, 30 May 2012 (UTC)Reply
In defense of the IP user, security experts have said that the malware appears to have been deployed only against a small number of specific targets, so this claim isn't impossible. But I agree that I haven't seen it yet either. Khazar2 (talk) 00:48, 30 May 2012 (UTC)Reply
Amity Lane, please stay focus: no one argued that the software determines users' nationality or race, however -it do target computers that are of interst for her. Given that Hamas activity is strong in the west bank, for instance, and it's well known and established that much of Hamas budget, weapon and training come in recent years from Iran, it wouldn't be too much to speculate that there are interesting computers for this malware in the Judea and Semaria the same way that it found interesting computers in Sudan and Lebanon. Ofcourse, this is all OR, I'm not arguing for including it in the article, just taking your sting out. You're right that yet there are no RS for the argument that the malware infected computers in the US and Russia, this is much my bad and I appologise for it. Richard Silverstein is interesting source which was found many times to be very valueable after all but yet as his sources are not known and he's no a main stream media we can't say he's RS. Yesterday the PM of Israel, Netanyau was cited in a conference strongly implying that Israel was behind the malware but yet for some reason I can't find any RS in English citing him (though one RS in Hebrew (NRG) did cite him in details). Also, official source in the White House spoken out that only the US (specifically the NSA) may be behind the malware given its complexity but he a. admited that he have no specific information or certainity and he only speculate. b. the identity of this sources is uncovered so we don't know how good he's in evaluating such things and I would doubt him for being an expert if he imply that the technical abilities of the tecnological branches of unit 8200 are failing behind those of the NSA. — Preceding unsigned comment added by 85.64.90.2 (talk) 08:57, 30 May 2012 (UTC)Reply
Here is the Hebrew source that cite Netanyau [1], and what is written it can be translated as: "...On the background of the reports on the new malware that attacked Iran Netanyau said that
"The cybere capabilities that we are developing increase the defense abilities of the state of Israel, in this area there is not much importance for the size of one country but there is much importance for its technological strength and Israel is blessed with that".--85.64.90.2 (talk) 11:10, 30 May 2012 (UTC)Reply
While an interesting quotation, that's a far cry from explicitly stating "Yes, we created this software" (though it's certainly closer to that than a denial). Also my initial point was not in regards to the US or Russia, nor the origin of the software, but your initial claim that "Infections in Israel were discovered only in computers belong to palestinians" which is not sourced as far as I can see and I haven't been able to find any support for this claim other than blog posts. Please assume my good faith; there's no intentional "sting" in my replies. I'm just trying to prevent speculation on this topic that could potentially lead to Middle East tensions being brought onto WP. Amity Lane (talk) 12:33, 30 May 2012 (UTC)Reply
Amity Lane, I do AGF, 100% of it. I didn't mean that you meant any evil when I refered to your "sting" just pointed to that your first reply was a bit sarcastic (in regard to that the software can't identify one's race or nation which is ofcourse not what I meant). In any case, I read it on Ynet (the largest internet portal in Israel) which is usually considered RS, but I don't have this article in English. We should let time to answer the question about the malware origin, whether it's Israel, US or both. --85.64.90.2 (talk) 14:31, 30 May 2012 (UTC)Reply
I agree. Hopefully this time around the origin will be verifiable so we don't have to have another complicated origins section like with the Stuxnet article. Amity Lane (talk) 14:34, 30 May 2012 (UTC)Reply
Someone might consider the inclusion of this[2] or this [3]in the article.--85.64.90.2 (talk) 07:17, 7 June 2012 (UTC)Reply

Why has the article been protected?

edit

One vandal from an educational institution, and everyone is punished. Nice! 220.239.241.183 (talk) 12:45, 30 May 2012 (UTC)Reply

This article was actually vandalized at a rate of once or twice an hour all day yesterday. I think it's the hacking connection; seeing a mention of cyberwarfare made 14-yr-olds want to do "cyberwarfare" of their own. =) Khazar2 (talk) 15:49, 30 May 2012 (UTC)Reply
bless — Preceding unsigned comment added by 85.210.6.0 (talk) 21:16, 30 May 2012 (UTC)Reply
Anonymous users could consider creating an account for themselves so to avoid further irrelevant limitations. Becoming an established user is easy. However vandals, even registered, will be exterminated. AgadaUrbanit (talk) 21:44, 30 May 2012 (UTC)Reply
edit

The screenshot of the Flame module names has been nominated for deletion at Commons on account of copyright violation. Socrates2008 (Talk) 11:17, 5 June 2012 (UTC)Reply

May I be the first to say, this is retarded 75.92.227.144 (talk) 23:54, 25 February 2013 (UTC)Reply

Flame Activity Status

edit

Many visitors to this site will be concerned that their computer is infected, so this section should be kept up-to-date for this urgent information.

2012 June: Most current anti-virus software programs can detect Flame and disable or remove it.
Kaspersky has built several (surrogate) drain sites that intercept & destroy most of the traffic from the many computers still infected by the bot.
Microsoft has updated Windows to close the vulnerability in all of the currently supported versions. However, Windows will not remove or disable any existing infection.
Flame (followed recently by its younger brother, Stuxnet) was developed around 2007 or 2008, and discovered late in 2011.
Wikidity (talk) 02:24, 9 June 2012 (UTC)Reply

Spread

edit

The article says that Flame spreads by USB stick or network. Could someone add the information on how exactly it does this? Does it put fake Microsoft update files on every inserted USB stick? Does it do a MITM attack over the LAN on Windows Update? What exactly happens to enable this to spread? Barry McGuiness (talk) 12:30, 6 June 2012 (UTC)Reply

Flame includes multiple exploits (at the time, zero-days) that enabled different spreading mechanisms. The Windows update one is important because it involved a special cryptographic attack that let them sign the malware payload as if it came from Microsoft and push it as a local windows update (something used for enterprise environments). ResreveR ehT (talk) 15:26, 13 December 2023 (UTC)Reply

Wiper upgraded?

edit

Isn't Flame/SkyWiper an enhanced version of an original virus called simply "Wiper"? --User:SmartyPantsKid 15:53, 25 June 2013 (UTC)Reply

No. The investigation into 'Wiper' lead to the discovery of Flame but they're entirely different. It's suspected that 'Wiper' was related to DuQu but the component was never recovered. ResreveR ehT (talk) 15:16, 13 December 2023 (UTC)Reply

malware or cyber warfare

edit

It seems reasonably clear that this was a government virus. Doesn't that make it cyber warfare rather than malware?Royalcourtier (talk) 07:24, 6 April 2016 (UTC)Reply

Outdated?

edit

Is Flame still a viable threat? This article doesn't talk about any occurrence of Flame after 2012, and I haven't been able to find any other sources showing that it's been around since 2012. If Flame is still an active issue, the article needs to be updated with more recent material; otherwise, the text should be edited to put most of the description in the past tense. — Richwales (no relation to Jimbo) 20:57, 29 June 2016 (UTC)Reply

No, Flame is not an active issue as in today. It "may" be in the future. Some rumors are going around in the forums but for now it is hibernated/quarantined. Erdemmurder (talk) 08:01, 27 September 2024 (UTC)Reply