Tuesday, 30 October 2012

A new Cold War - worlds most complex virus

Stuxnet was what many call a wake-up call to countries around the globe (read about Stuxnet here). Iran has already responded to this attack by amassing the second largest online army in the world. The internet has taken over and is quickly becoming the next platform for war. The only problem is, you don’t know who is waging it.

Stuxnet was a weapon, and the first to be made entirely from code. Since then, several viruses have been identified. One in particular, which has been dubbed Wiper was believed to be deleting data in the Middle East and from computers belonging to the Iranian oil industry.

Future Cyber Security
By DGH source: Technology Moral Dilemma blog
July 1, 211
Wiper was so complex and sophisticated that even Kaspersky, the Russian security could not find the virus or any information on the creator/s. The malware wiped hard drives clean, including its own coding.

But who could finance this kind of technology? It was clearly not a teenage boy in his room doing a prank. This virus had a goal and a target.

The 15 year old security firm did not give up. They eventually found an MD5 hash and file name on computers in Iran. When they put everything together they found something big, of a complexity never seen before… Flame.

Kaspersky Lab researcher Alexander Gostev stated that “Flame is a huge package of modules almost 20mb in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyse”

He added “Overall, we can say Flame is one of the most complex threats ever discovered. In addition, the geography of the targets and the complexity of the threat leave no doubt it being a nation state that sponsored the research behind it.”

Competitor security firm Symantec agreed with Kaspersky, stating that “This code was not likely to have been written by a single individual but by an organised, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian oil ministry.”

Morgan wright – Cyberterrorism Analyst stated that the virus had 20 times more coding in it than Stuxnet, the virus that knocked down Iran’s nuclear centrifuges. He added that Flame was not only designed for recognisance, but also to steal documents, audio data, screenshots and to wipe clean hard drives with important information.

For the victims of Flame, it was like having a spy with direct control of their computer.

Learn how to take Flame and Stuxnet apart and use forensic techniques to uncover the culprits. The EC-Council C|HFI v8 certification course will teach you the entire digital forensics process. You'll learn how to secure the scene, collect evidence, and send it to the lab for testing. You will learn the following:
  • How to investigate cyber crime, and the laws involved
  • Different types of digital evidence, and the examination process
  • The first responder toolkit - how to secure, preserve and evaluate the electronic crime scene
  • How to recover deleted files and partitions in Windows, Mac OS X, and Linux
  • How to use steganography, and the AccessData forensic toolkit
  • Password cracking and how to investigate password-protected file breaches
  • Log capturing and management
  • How to investigate logs, network traffic, wireless attacks, and web attacks
  • How to track emails and investigate e-mail crimes
Train to be the police of the future - get certified.

Here is an interesting video on the deconstruction of the Flame virus: