Turkey suspected as a server for the infamous Flame virus

[Saithan]

A Russian-based internet security firm working on the Flame virus has identified Turkey as a prime suspect for the server location, daily Hürriyet has reported.

Kaspersky Lab, which identified the virus, discovered around 80 servers that were using the virus, all of which were located in four different countries: Turkey, Germany, Italy and Vietnam.

Turkey had the strongest server until several days after the discovery, when it moved to Germany.

The Flame virus hit several countries including Israel and Syria recently, but Iran recived the heaviest hit with over 180 attacks on its systems. The motive behind the cyber attack remains unknown.

source: SCIENCE & TECHNOLOGY - Turkey suspected as a server for the infamous Flame virus

 

[Sharki]

Probably, this is a troyan command & Control server, for example: USENET, TELNET, SSH & IRC..

Interesting..

Many commentators are in consensus that such a massive undertaking could only be the work of state-level players, not rogue or small-time hackers. Israel, the United States, Russia and China are known to have high-level capabilities in this field. But according to Avi Weisman, head of See Security / Information Security & Cyber Warfare College, the number of countries, international organizations or agencies with such abilities is growing constantly.

"We'd better get used to this fact," Weisman said in a radio interview, listing Iran, Turkey and Egypt, among others, as countries with such capabilities.

latimesblogs.latimes

 

[PERSIAN GOD KING]

Dont worry America, Iran cyber army is capable and YOU are helping making the more powerful.
just we learn decades of your technology from your RQ-170 we will learn from your viruses and create defences for them.

 

[Sharki]

Dont worry America, Iran cyber army is capable and YOU are helping making the more powerful.
just we learn decades of your technology from your RQ-170 we will learn from your viruses and create defences for them.

Good luck. Usa and Israel is at the forefront of military and cyberwar technology.

Following to investigations started since 2010, about Stuxnet and Duqu, Iran National CERT (MAHER) has done a technical survey during past several months. MAHER publishes information about the last found sample for the first time.
ID: IRCNE2012051505
Date: 2012-05-28

Having conducted multiple investigations during the last few months, the Maher center, the Iranian CERTCC, following the continuous research on the targeted attacks of Stuxnet and Duqu since 2010, announces the latest detection of this attack for the very first time.
The attack, codenamed "Flame" is launched by a new malware. The name “Flame” comes from one of the attack modules, located at various places in the decrypted malware code. In fact this malware is a platform which is capable of receiving and installing various modules for different goals. At the time of writing, none of the 43 tested antiviruses could detect any of the malicious components. Nevertheless, a detector was created by Maher center and delivered to selected organizations and companies in first days of May. And now a removal tool is ready to be delivered.
Some features of the malware are as follows:
· Distribution via removable medias
· Distribution through local networks
· Network sniffing, detecting network resources and collecting lists of vulnerable passwords
· Scanning the disk of infected system looking for specific extensions and contents
· Creating series of user’s screen captures when some specific processes or windows are active
· Using the infected system’s attached microphone to record the environment sounds
· Transferring saved data to control servers
· Using more than 10 domains as C&C servers
· Establishment of secure connection with C&C servers through SSH and HTTPS protocols
· Bypassing tens of known antiviruses, anti malware and other security software
· Capable of infecting Windows Xp, Vista and 7 operating systems
· Infecting large scale local networks
According to file naming conventions, propagation methods, complexity level, precise targeting and superb functionality, it seems that there is a close relation to the Stuxnet and Duqu targeted attacks.
The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat.
A list of the major infection components of this malware is presented below; these samples would be available for security software vendors.



Registry key existence
HKEY_LOCAL_MACHINE\CurrentControlSet\Control\Lsa\Authentication Packages -> mssecmgr.ocx
Malware binaries
windows\system32\mssecmgr.ocx
Windows\System32\ccalc32.sys
Windows\System32\msglu32.ocx
Windows\System32\boot32drv.sys
Windows\System32\nteps32.ocx
Windows\System32\advnetcfg.ocx
Windows\System32\soapr32.ocx


certcc.ir

 

[PERSIAN GOD KING]

Yes that is why their drones was hacked into by hezbollah and Iran.
they are on the forefront of killing innocent people and creating lied to justify their actions that is it.

Iran is capable, if these attack were targeting another countries then I assure they would not have any computer left running.
just the fact we are dealing with the virus and destroying from our system shows we have a good capability. we just need to create a early detection system against such viruses.

 

[what]

Dude, Persian God King, you need to chill. You're always going into defence-mode immediately.

 

[Sharki]

Dude, Persian God King, you need to chill. You're always going into defence-mode immediately.

The solution, creating a national Software (computer operating system), for example: Turkish Pardus.

 

[LegionnairE]

Good luck. Usa and Israel is at the forefront of military and cyberwar technology.

I still think US is quite new in this game they opened the cyber warfare command only a few years ago. Russia and China 've been doing this thing under government order for a ... while and i doubt they are sitting idly

 

[iajj]

turkics are getting into this game because, like jews and anglo-americans, they too belong to the family of murderous, terrorist, rootless, sinister races who find security and comfort only in the subaltern methods of war and terror and lack the honor and dignity and pride to engage their enemies otherwise.

it is time to recognize that a turkic with a piece of metal or even a computer on her person must be considered a terrorism suspect

 

[Zulkarneyn]

turkics are getting into this game because, like jews and anglo-americans, they too belong to the family of murderous, terrorist, rootless, sinister races who find security and comfort only in the subaltern methods of war and terror and lack the honor and dignity and pride to engage their enemies otherwise.

it is time to recognize that a turkic with a piece of metal or even a computer on her person must be considered a terrorism suspect

Now every Turk with a computer is a terrorist, hmm that makes automatically all the turks in the world terrorists

 

[Markus]

Dont worry America, Iran cyber army is capable and YOU are helping making the more powerful.
just we learn decades of your technology from your RQ-170 we will learn from your viruses and create defences for them.

Kaspersky which detected Flame malware has said it will take them atleast 10 years to understand the complete code and put them in perspective.

The whole Flame malware is in excess of 20 MB in size.

 

[tesla]

turkics are getting into this game because, like jews and anglo-americans, they too belong to the family of murderous, terrorist, rootless, sinister races who find security and comfort only in the subaltern methods of war and terror and lack the honor and dignity and pride to engage their enemies otherwise.

it is time to recognize that a turkic with a piece of metal or even a computer on her person must be considered a terrorism suspect

you are always repeating same chorus, be creative please

 

[Sharki]

Kaspersky which detected Flame malware has said it will take them atleast 10 years to understand the complete code and put them in perspective.

The whole Flame malware is in excess of 20 MB in size.

Compared, Stuxnet malware is around of 2MB in size.

 

[Ottoman-Turk]

Arkadaslar biz bu virus felan hakkinda ulkemiz guclumu , nekadar kapasitemiz var

 

[Sharki]

Arkadaslar biz bu virus felan hakkinda ulkemiz guclumu , nekadar kapasitemiz var

Siber ordumuz yok, BTK ve birçok kurum önlem alamaya çalisiyor, yeterli degil. Su Siber savas ve siber savunma isi, TSK'ya verilmeli. Turkish Cyberwar command.