“Flame spy virus going to Suicide”

THIS INFORMATION I'M SHARING IS FOR EDUCATIONAL PURPOSES ONLY. PLEASE USE IT AT YOUR DISCRETION.

The creators of the world's most complicated espionage virus, Flame, have sent a 'suicide' command that removes it from some infected computers. U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace.

The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. According to Symantec, the 'suicide' command was “designed to completely remove Flame from the compromised computer,” the BBC reports.

Computers infected with Flame, including honeypots, have been routinely contacting its C&C servers to check for new commands. When the C&C servers still owned by Flame’s authors recently sent out a self-destruct code, Symantec detected the command immediately.

Flame was designed to suck information from computer networks and relay what it learned back to those controlling the virus. It can record keystrokes, capture screen images, and eavesdrop using microphones built into computers.

Bots have long contained such self-destruct mechanisms, so it's not surprising that malware as complex and comprehensive as Flame would, too.