Symantec: Flamer malware has been operational for over 5 years
On September 17, security firm Symantec published an analysis of two newly detected command-and-control servers that brings to light previously unknown information about the cyber espionage tool dubbed Flamer.
Coming after a series of disclosures about espionage activities being carried out worldwide, the new analysis by Symantec's security researchers revealed that the Flamer malware, which targeted the Middle East, has probably been in use for espionage and cyber warfare for over five years, with its most recent operation taking place as recently as May 2012.
The analysis was based on the scrutiny of records from two command-and-control servers which the Symantec researchers had discovered in conjunction with Kaspersky Lab, the International Multilateral Partnership Against Cyberthreat (IMPACT), and the German computer emergency response team (CERT-Bund).
The analysis of the records showed that, in March this year, one computer had gained control over nearly 1,000 computers in the Middle East, while another machine deleted spyware and removed all its traces in May.
The data within the command-and-control servers clearly hinted that the server software could communicate with the Flame malware as well as four other clients, which may or may not currently be spying on computers. Vikram Thakur, Symantec's chief security response manager, said: "We don't know what the other client types are, but clearly the backend code was meant to handle much more than the Flamer that we know of today."