Flame espionage malware issues self-destruct command



    The Flame espionage malware that infected Iranian computers has initiated a self-destruct command that removes all traces of itself on infected machines that receive the instruction, researchers said.

    The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. The removal tool, which researchers from Kaspersky Lab briefly documented last month, was downloaded from a command and control server still under the control of Flame attackers to several machines in a honeypot. White hats monitored the activities of the sophisticated malware, which is also known as Flamer and sKyWIper.

    “This command was designed to completely remove Flamer,” Symantec researchers wrote in a blog post. “The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers.”

    Read more | Comments

    See more here:
    Flame espionage malware issues self-destruct command


    Please enter your comment!
    Please enter your name here


    This site uses Akismet to reduce spam. Learn how your comment data is processed.