Recently discovered malware, called miniFlame, can apparently operate independently or as a plug-in for the Flame...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
malware and the Gauss malware. Could you explain how miniFlame operates? Is it strictly a cyberweapon that targets nation-states, or should enterprises be concerned too?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
The miniFlame malware, also known as SPE malware, is reported to be a module of both the Flame and Gauss malware, but could also potentially operate as standalone malware. Many pieces of malware come with modular functionality, meaning new attacks or functionality can be added as it is developed, much like legitimate software. Using modular software development practices allows an attacker or developer to expand the functionality of the malware without needing to develop an entirely new version of the software and deploy it to the compromised systems. Using modular development, only the new functions or plug-ins need to be installed, rather than reinstalling all of the software. For example, if an attacker wanted to target a new bank with previously developed malware, the functionality could be added as a plug-in rather than updating the core software. Another benefit is that only the new module would need to be tested, which again cuts down on the time needed to develop an attack.
In terms of how miniFlame works, it shares some of the same command-and-control infrastructure with Flame and Gauss. It is used as a back door to allow control by an external attacker. MiniFlame works by connecting to a client system that controls the server installed on the compromised system. In comparison with Flame and Gauss, miniFlame is much smaller in size and has infected a small number of systems, which tends to indicate that it is being used in highly targeted attacks. Like the Flame and Gauss malware before it, miniFlame itself is not a significant concern for enterprises; instead, enterprises should be wary of the techniques used by miniFlame, including its ability to operate as a module for other malware and allow the operator full remote access to the compromised system, which could be incorporated into automated toolkits by less sophisticated attackers.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
A recent version of the iSpy keylogger has the ability to steal passwords and record Skype chats. Expert Nick Lewis explains how it works and how to ...continue reading
IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are ...continue reading
A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.