W32.Flamer Information
W32.Flamer is a worm that spreads through removable drives. It also opens a back door and may steal information from the compromised computer. Highly sophisticated and discreet, the Flamer threat contains code that is on par with Stuxnet and Duqu in complexity. It appears to be the work of a well-funded group targeting Eastern Europe and the Middle East.
Keep up with the latest information on this new threat by subscribing to this thread.
W32.Flamer
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052811-0308-99
W32.Flamer!gen
www.symantec.com/security_response/writeup.jsp?docid=2012-053007-0702-99
Security Response Blog 1
http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east
Security Response Blog 2
http://www.symantec.com/connect/blogs/painting-picture-w32flamer
Outbreak Page
http://www.symantec.com/outbreak/?id=flamer
Latest Blogs
W32.Flamer: Enormous Data Collection 6/4/12
W32.Flamer: Microsoft Windows Update Man-in-the-Middle 6/4/12
Flamer: Urgent Suicide 6/6/12
Flame Malware exploits Microsoft's digital certificate 6/7/12
Fantastic info! Thanks for the post.
Regards,
Aniket
Thumbs up for putting up blogs and articles on one page!
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Are you seeing this spread to other geographies and industries yet? What kind of trends have you observed? Would be interested to know this info.
Thanks for sharing information
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
vikram3500,
these links should answer your queries.
W32.Flamer
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052811-0308-99
W32.Flamer!gen
www.symantec.com/security_response/writeup.jsp?docid=2012-053007-0702-99
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello,
Here are the latest blogs from the Symantec Security Response Team:
Flamer: A Recipe for Bluetoothache
http://bit.ly/JRjm5K
W32.Flamer: Spreading Mechanism Tricks and Exploits
http://bit.ly/KxdLiM
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hello,
Here is the latest blog from the Symantec Security Response Team:
W32.Flamer: Leveraging Microsoft Digital Certificates
http://bit.ly/K8WXun
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Do you know if there is some report about the spread in a corporate environment? This virus seems to be limited to governmental targets.
@ riva11, Everything that we can publish publicly is listed in this thread. Keep checking back here for new reports.
Best,
Thomas
Ooyala Community
All useful info in one place!!!
Thanks & Regards,
Srikanth.S
"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)
Hello, Microsoft released a patch (in this Patch Tuesday), KB2718704, for stopping man-in-the-middle attacks from Flamer and others:
http://answers.microsoft.com/en-us/windows/forum/windows_xp-security/kb2718704-connection-to-flame-malware/ca73ce4b-4718-4926-bb86-b21a1762012a
This update should be installed asap.
DCourtel.
End User Support Technician
Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/
I especially want to thank DCourtel for the link to the MS KB (http://support.microsoft.com/kb/2718704) and Mithun Sanghavi for his link to the blogs: good info.
If anyone is in need of even more reading on flame, OpenDNS also has some interesting comments on this particular bug: http://blog.opendns.com/2012/06/01/unique-insight-into-flame-malware/
On Monday, a single windows update was downloaded to my computer.
How can I tell if this update was from the W32.Flamer?
At the time I was running Norton Internet Security 2012 in Windows 7.
Go to Add/Remove Programs, check the "Show Updates" box, then scroll down the list looking for KB2718704.
If it is shown, then your system is updated with the security patch.
Ooyala Community
Thanks, Thomas.
The patch was applied on Monday, the day I noticed the automatic update.
Richard
Great info
perfect
Followers of this W32.Flamer thread may also be interested in a related threat, W32.Gauss
https://www-secure.symantec.com/connect/blogs/complex-cyber-espionage-malware-discovered-meet-w32gauss
With thanks and best regards,
Mick
This new analysis from Symantec Security Response may be of interest to followers of this thread:
With thanks and best regards,
Mick
Another new finding from Symantec Security Response may be of interest to followers of this thread:
With thanks and best regards,
Mick
Hi Mick,
Thanks for updating the thread.
Cheers,
Thomas
Ooyala Community
Threat came out in June, just found it on an old USB drive of mine that was in a storage box.