Kaspersky Lab has published an update in its investigation of the Flame cyber-espionage campaign, which the security experts discovered in May.
The research, which Kaspersky conducted in partnership with IMPACT, CERT-Bund/BSI and Symantec, identified traces of three previously undiscovered malicious programs.
Specifically, Symantec has highlighted forensic analysis of two of the command-and-control (C&C) servers behind the W32.Flamer attacks that targeted the Middle East earlier this year.
Here's what the group found after analyzing the C&C servers:
The two servers were set up on March 25, 2012, and May 18, 2012.
The servers controlled at least a few hundred compromised computers over the next few weeks of their existence.
The server set up in March collected almost 6 GB of data from compromised computers in a little over a week. The May server only received 75 MB of data, as it was used to distribute one command module to the compromised computers.
As for the three Flame-related programs, Kaspersky said at least one of them is currently operating in the wild, though no one has yet identified it. There isn't any evidence that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.