W32/Flame-A

By LoneStar in Worms

W32/Flame-A Description

W32/Flame-A, commonly known as 'Flame' and also reported under the name Skywiper, was first identified on computers in Iran and has since been found in several other countries in the Middle East and North Africa. News of W32/Flame-A was slow to reach the wider public, reportedly because of a media embargo that kept information from getting out. Because of its complexity and the resources it would take to build something comparable, many malware researchers suspect that W32/Flame-A is part of a deliberate attack aimed at Iran. As infections have been reported outside the Middle East, including in Western countries, that explanation has been questioned.

W32/Flame-A Has Some Particularly Nasty Tricks Up Its Sleeve

Another highly publicized malware infection that was also discussed as a possible act of cyber-warfare between nations was the Stuxnet worm. One reason PC security researchers have had trouble cataloguing every capability of W32/Flame-A is that its code base is roughly twenty times the size of Stuxnet, which was itself a notably complex piece of malware. W32/Flame-A hides its components in files with the OCX extension (the extension normally used for ActiveX controls), which some anti-virus products did not scan by default at the time. W32/Flame-A also adapts to the victim's anti-virus software: for example, if it detects McAfee's McShield on-access scanner on the computer (which does scan OCX files), it stores its components in files with the TMP extension instead.

Is W32/Flame-A the Most Complicated Malware Attack in Existence?

Many PC security analysts have described W32/Flame-A as among the most complex pieces of malware they have ever analyzed. W32/Flame-A has been observed deleting information from infected computers, but the full severity of the attack is still unknown because the malware has not yet been completely analyzed. The speed at which W32/Flame-A has reached new systems also points to distribution methods that have not yet been fully identified. While there is no doubt that W32/Flame-A is dangerous and has caused data loss for its victims, studying its techniques will also let PC security researchers identify the weaknesses in security software and computer systems it took advantage of, so those products can be improved in future releases.

Type: Worms

How Can You Detect W32/Flame-A?

W32/Flame-A typically drops the following files (these are dropped components, not process names, so look for them on disk rather than in the process list):

  • Windows\System32\msglu32.ocx
  • Windows\System32\soapr32.ocx
  • Windows\System32\ccalc32.sys
  • Windows\System32\nteps32.ocx
  • Windows\System32\boot32drv.sys
  • Windows\System32\mssecmgr.ocx
  • Windows\System32\advnetcfg.ocx

W32/Flame-A creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"Authentication Packages" = "mssecmgr.ocx" (this is a REG_MULTI_SZ value that on a clean Windows installation contains only msv1_0; W32/Flame-A adds mssecmgr.ocx to it so that LSASS loads the module at boot, which is how the infection persists)
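The following is an added example for triaging the indicators listed above offline; it is not code from the original article or from Enigma Software. It assumes you have already collected two things from the suspect host: a listing of file paths under Windows\System32 (for example with `dir /s /b C:\Windows\System32`) and the entries of the Authentication Packages value (for example with `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v "Authentication Packages"`). The function names and the sample inputs at the bottom are constructed for this example. It goes slightly beyond the article's list: besides the named Flame files, it flags any LSA authentication package other than the Windows default msv1_0, since that persistence location is worth checking regardless of which malware is suspected.

```python
"""Offline triage of W32/Flame-A indicators from a collected file listing
and the LSA 'Authentication Packages' registry value.

Added example, not part of the original article. Nothing here touches a
live system; the caller supplies the collected data.
"""
import ntpath

# Dropped components named in the article. Matching is on the base name,
# case-insensitively, because Windows paths are case-insensitive.
FLAME_FILE_NAMES = frozenset({
    "msglu32.ocx", "soapr32.ocx", "ccalc32.sys", "nteps32.ocx",
    "boot32drv.sys", "mssecmgr.ocx", "advnetcfg.ocx",
})

# A stock Windows installation lists only msv1_0 as an LSA authentication
# package. Any other entry is loaded into LSASS at boot and deserves review.
DEFAULT_AUTH_PACKAGES = frozenset({"msv1_0"})


def find_flame_files(paths):
    """Return the entries of `paths` whose base name is a known Flame component."""
    return [p for p in paths if ntpath.basename(p).lower() in FLAME_FILE_NAMES]


def check_auth_packages(values):
    """Classify each entry of the Authentication Packages REG_MULTI_SZ value.

    'flame' collects the article's indicator (mssecmgr.ocx, with or without a
    path); 'unexpected' collects any other package that is not a Windows default.
    """
    result = {"flame": [], "unexpected": []}
    for v in values:
        name = ntpath.basename(v).lower()
        if name == "mssecmgr.ocx":
            result["flame"].append(v)
            continue
        stem = name[:-4] if name.endswith(".dll") else name
        if stem not in DEFAULT_AUTH_PACKAGES:
            result["unexpected"].append(v)
    return result


def triage(paths, auth_packages):
    """Combine both checks into a verdict plus the supporting details."""
    files = find_flame_files(paths)
    reg = check_auth_packages(auth_packages)
    if files or reg["flame"]:
        verdict = "FLAME_INDICATORS_PRESENT"
    elif reg["unexpected"]:
        verdict = "UNEXPECTED_AUTH_PACKAGE"
    else:
        verdict = "CLEAN"
    return verdict, files, reg


# Constructed sample inputs for this example; not data from a real host.
SAMPLE_LISTING = [
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\msglu32.ocx",
    r"C:\Windows\System32\ccalc32.sys",
    r"C:\windows\system32\MSSECMGR.OCX",
]
SAMPLE_AUTH_PACKAGES = ["msv1_0", "mssecmgr.ocx"]
SAMPLE_CLEAN_AUTH_PACKAGES = ["msv1_0"]

if __name__ == "__main__":
    verdict, files, reg = triage(SAMPLE_LISTING, SAMPLE_AUTH_PACKAGES)
    print(verdict)
    for f in files:
        print("  dropped file:", f)
    for p in reg["flame"]:
        print("  LSA authentication package:", p)
    for p in reg["unexpected"]:
        print("  non-default authentication package:", p)
```

A file-name match alone is only a lead: an unrelated file can share one of these names, and a later variant can use different ones, so confirm a hit by hashing the file and comparing against a trusted source before acting on it. The Authentication Packages check is the more durable of the two, because a module that LSASS loads at every boot is a persistence location few legitimate products use.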

This entry was last updated on 05/29/12 and posted on 05/29/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.