W32.Flamer.B, also known as MiniFlame, is an additional module of a dangerous malware attack known as Flame. This additional module was first detected in October of 2012 and W32.Flamer.B augments the effects of Flame, a dangerous malware infection that has spread throughout the Middle East since Spring of 2012. ESG security researches suspect that W32.Flamer.B and Flame are part of a state sponsored attack not unlike Stuxnet, a well known computer worm that was used to attack nuclear facilities in Iran. In fact, there are various links between Flame (and W32.Flamer.B) and the Stuxnet worm, both in their code and in their intended targets. Even though W32.Flamer.B was initially detected in the Middle East, versions of W32.Flamer.B popping up in computers located in Western Europe, Africa, and even North America.
W32.Flamer.B and the Flame Family of Malware
The Flame family of malware and W32.Flamer.B are quite sophisticated. In fact, their complexity has made it difficult for PC security researchers to study W32.Flamer.B in depth (one of the reasons why it is months later that this additional module was detected and isolated). To put it into perspective, the code for Flame is more than twenty times longer than the one for Stuxnet (previously the most sophisticated malware threat known). One other aspect of W32.Flamer.B that makes it difficult to study is that the criminals that created W32.Flamer.B have made it incredibly resilient to removal. While most malware infections are contained in a particular type of file, W32.Flamer.B can be contained in various kinds of files and changes depending on the weaknesses of the security software detected on the victim’s computer.
What is W32.Flamer.B Used For?
W32.Flamer.B is one of the backdoor components of this dangerous malware family. It can be used to steal sensitive information located on the infected computer. In fact, it seems that W32.Flamer.B specifically targets sensitive government or intelligence information that may be useful to a nation looking to obtain intelligence on its enemy. W32.Flamer.B can also be utilized to accomplish a digital attack on the target and can be ordered to delete data from the infected computer. One of the most difficult aspects of studying W32.Flamer.B and its variants is the fact that the code is incredibly obfuscated. One of the most worrying aspects of W32.Flamer.B is that criminals may be able to reverse engineer some of its modules in order to mount attacks on civilian targets in the near future.
How Can You Detect W32.Flamer.B?