
W32.Flamer Information

Created: 31 May 2012 • Updated: 21 Jun 2012 | 22 comments
Thomas K's picture

W32.Flamer is a worm that spreads through removable drives. It also opens a back door and may steal information from the compromised computer. Highly sophisticated and discreet, the Flamer threat contains code that is on par with Stuxnet and Duqu in complexity. It appears to be the work of a well-funded group targeting Eastern Europe and the Middle East.

Keep up with the latest information on this new threat by subscribing to this thread.

W32.Flamer 
http://www.symantec.com/security_response/writeup.jsp?docid=2012-052811-0308-99
W32.Flamer!gen
www.symantec.com/security_response/writeup.jsp?docid=2012-053007-0702-99
Security Response Blog 1
http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east
Security Response Blog 2
http://www.symantec.com/connect/blogs/painting-picture-w32flamer
Outbreak Page
http://www.symantec.com/outbreak/?id=flamer

Latest Blogs

W32.Flamer: Enormous Data Collection 6/4/12

W32.Flamer: Microsoft Windows Update Man-in-the-Middle 6/4/12

Flamer: Urgent Suicide 6/6/12

Flame Malware exploits Microsoft's digital certificate  6/7/12

22 Comments

Aniket Amdekar's picture

Fantastic info! Thanks for the post.

Regards,

Aniket 

pete_4u2002's picture

Thumbs up for putting up blogs and article on one page!

vikram3500's picture

Are you seeing this spread to other geographies and industries yet? What kind of trends have you observed? Would be interested to know this info

Ashish-Sharma's picture

Thanks for sharing information

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture

Hello,

Here are the latest blogs from the Symantec Security Response Team

Flamer: A Recipe for Bluetoothache

http://bit.ly/JRjm5K

W32.Flamer: Spreading Mechanism Tricks and Exploits

http://bit.ly/KxdLiM

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mithun Sanghavi's picture

Hello,

Here is the Latest BLOG from Symantec Security Response Team

W32.Flamer: Leveraging Microsoft Digital Certificates

http://bit.ly/K8WXun

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

riva11's picture

Do you know if there is some report about the spread in a corporate environment? This virus seems to be limited to governmental targets.

Thomas K's picture

@ riva11, Everything that we can publish publicly is listed in this thread. Keep checking back here for new reports.

Best,

Thomas

Srikanth_Subra's picture

All useful info in one place!!!

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

DCourtel's picture

Hello, Microsoft released a patch (in this Patch Tuesday), KB2718704, for stopping man-in-the-middle attacks from Flamer and others:

http://answers.microsoft.com/en-us/windows/forum/windows_xp-security/kb2718704-connection-to-flame-malware/ca73ce4b-4718-4926-bb86-b21a1762012a

This update should be installed asap.

DCourtel.

End User Support Technician

Publish Third Party Applications in Wsus : http://wsuspackagepublisher.codeplex.com/

Andrew Wiggin's picture

I especially want to thank DCourtel for the link to the MS KB (http://support.microsoft.com/kb/2718704) and Mithun Sanghavi for his link to the blogs: good info.

If anyone is in need of even more reading on flame, OpenDNS also has some interesting comments on this particular bug: http://blog.opendns.com/2012/06/01/unique-insight-into-flame-malware/

clone4501's picture

On Monday, a single windows update was downloaded to my computer.

How can I tell if this update was from the W32.Flamer?

At the time I was running Norton Internet Security 2012 in Windows 7.

Thomas K's picture

Go to Add/Remove Programs, check the "Show Updates" box, then scroll down to the list looking for KB2718704.

If it is shown, then your system is updated with the security patch.

clone4501's picture

Thanks, Thomas.

The patch was applied on Monday, the day I noticed the automatic update.

Richard

Mick2009's picture

Followers of this W32.Flamer thread may also be interested in a related threat, W32.Gauss

https://www-secure.symantec.com/connect/blogs/complex-cyber-espionage-malware-discovered-meet-w32gauss

With thanks and best regards,

Mick

Mick2009's picture

This new analysis from Symantec Security Response may be of interest to followers of this thread:

Have I Got Newsforyou: Analysis of Flamer C&C Servers
https://www-secure.symantec.com/connect/blogs/have-i-got-newsforyou-analysis-flamer-cc-servers

With thanks and best regards,

Mick

Mick2009's picture

Another new finding from Symantec Security Response may be of interest to followers of this thread:

W32.Flamer.B: Additional Module Discovered
https://www-secure.symantec.com/connect/blogs/w32flamerb-additional-module-discovered

With thanks and best regards,

Mick

Thomas K's picture

Hi Mick,

Thanks for updating the thread.

Cheers,

Thomas

rudyCNP's picture

Threat came out in June, just found it on an old USB drive of mine that was in a storage box.