Malware that uses the same command and control (C&C) servers attributed to Flame remains in active circulation, according to new findings from the team that detected and tracked the espionage tool earlier in 2012.
The analysis, issued recently by security firms Kaspersky Lab and Symantec together with the UN International Telecommunication Union's (ITU) IMPACT Alliance and CERT-Bund/BSI, points to the likelihood that at least three further pieces of malicious software are in the wild, possibly waiting for instructions to carry out what they were built for.
One of them, according to PC Magazine, is thought to function and behave like Flame, which the ITU and Kaspersky unmasked in May this year following leads provided by Iranian authorities.
Flame, which infected as many as 5,000 Windows machines around the world, sits on a compromised computer and records its activity, including keystrokes, audio, email traffic and screenshots, then compresses the data and sends it back to its controllers.
According to Kaspersky, at least four developers worked on the reconnaissance program, which The Washington Post had described in an earlier report as part of a concerted effort to undermine Iran's nuclear programme.
Stuxnet, which was built to sabotage Iran's uranium-enrichment centrifuges, is believed to fall under the same umbrella, The Register said.
The skill and resources evident in the malware prompted experts to conclude that a government was most likely funding its stealthy and sophisticated operations.
It is not far-fetched, then, the report said, that malware still at large could in the near future replicate much of what Flame and Stuxnet achieved.
Flame alone, according to Kaspersky Lab researcher Alexander Gostev, "might be the most sophisticated cyber weapon yet unleashed . . . and is certainly an example of cyber espionage conducted on a massive scale."
Flame's architecture is so complex that the forensic experts tasked with dissecting its inner workings and tracing its origin could say in the new report only that development of the C&C platform governing its operation probably started in December 2006.
The latest analysis also indicates that what was seen earlier this year was not the whole of what Flame was intended to do. The platform remains a work in progress, Mr Gostev said.
That view is supported by the discovery on the C&C servers of a 'Red Protocol', which Kaspersky said was last modified in May 2012 but has not yet been implemented.
Researchers got their breakthrough only when they stumbled on what appears to have been a mistake by Flame's operators: they failed to destroy the logs that the control software generated automatically as it did its work.
The recovered log files revealed thousands of IP addresses that had connected to the C&C servers and showed that more than 5GB of data had been exfiltrated from infected PCs in a single week.
The whole cycle could be repeated, presumably in revised form, if the servers were reactivated, and most PC users would find the intrusions hard to detect.
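The kind of triage described above, counting distinct clients and summing uploaded bytes from a recovered C&C server log, is straightforward once the log format is known. The following is an added example, not code from the article or from the Kaspersky/Symantec analysis. It assumes a constructed web-server log format in which the last field is the number of request-body bytes received (the uploaded payload) and that exfiltration lands on a hypothetical `/cgi-bin/upload.cgi` path; the sample lines are made up for this example and are not Flame's real traffic.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log for this example (not Flame's real C&C format).
# Fields: client IP, ident, user, [timestamp], "request line", status,
# request-body bytes received. The last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.10 - - [17/May/2012:08:01:12 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 1048576
203.0.113.10 - - [17/May/2012:08:14:55 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 524288
198.51.100.7 - - [17/May/2012:09:02:03 +0000] "GET /news/ HTTP/1.1" 200 0
198.51.100.7 - - [18/May/2012:09:02:44 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 2097152
192.0.2.33 - - [18/May/2012:10:30:00 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 500 0
192.0.2.33 - - [18/May/2012:10:31:10 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 3145728
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes_in>\d+)$'
)


@dataclass
class Entry:
    ip: str
    when: datetime
    method: str
    path: str
    status: int
    bytes_in: int


def parse_log(text):
    """Parse log lines into Entry records, skipping lines that do not match."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # real triage would also count unparsed lines
        entries.append(Entry(
            ip=m["ip"],
            when=datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            method=m["method"],
            path=m["path"],
            status=int(m["status"]),
            bytes_in=int(m["bytes_in"]),
        ))
    return entries


def summarize(entries, upload_path="/cgi-bin/upload.cgi"):
    """Count distinct clients and total successfully uploaded bytes.

    Only successful POSTs to the (assumed) upload handler count as
    exfiltration; failed uploads and ordinary GETs are excluded.
    """
    unique_ips = {e.ip for e in entries}
    uploads = [e for e in entries
               if e.method == "POST" and e.path == upload_path and e.status == 200]
    per_ip = Counter()
    per_day = defaultdict(int)
    for e in uploads:
        per_ip[e.ip] += e.bytes_in
        per_day[e.when.date().isoformat()] += e.bytes_in
    return {
        "unique_ips": len(unique_ips),
        "successful_uploads": len(uploads),
        "total_bytes": sum(e.bytes_in for e in uploads),
        "top_uploaders": per_ip.most_common(3),
        "bytes_per_day": dict(per_day),
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample this reports 3 distinct client addresses and 6,815,744 bytes uploaded across 4 successful POSTs, with the per-day totals showing how a weekly exfiltration volume like the 5GB figure in the report would be derived. Note that standard Apache/nginx access logs record the response size, not the request body, so on a real server the byte field would have to come from a custom log format (for example mod_logio's `%I` in Apache).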
Flame, The Register said, carries fraudulent certificates that chain to Microsoft, which allow it to pass itself off as a legitimately signed Windows update and be installed without raising alarms. Microsoft responded in June 2012 with Security Advisory 2718704, revoking the Terminal Services licensing intermediate certificates that had been abused to sign the malware.
This article is copyrighted by IBTimes.com.au, the business news leader