
Kaspersky Labs Discovers "miniFlame"

Editorial Staff

IT security company Kaspersky Labs says that it has identified a new variant of a threat. Called "miniFlame" (aka SPE), it is a small and highly flexible malicious program designed to steal data and control infected systems during targeted cyber espionage operations.

The company has issued the following comprehensive statement:

miniFlame, also known as SPE, was found by Kaspersky Lab's experts in July 2012, and was originally identified as a Flame module. However, in September 2012, Kaspersky Lab's research team conducted an in-depth analysis of Flame's command & control servers (C&C) and found that the miniFlame module was actually an interoperable tool that could be used as an independent malicious program, or concurrently as a plug-in for both the Flame and Gauss malware.

Analysis of miniFlame showed there were several versions created between 2010 and 2011, with some variants still being active in the wild. The analysis also revealed new evidence of the co-operation between the creators of Flame and Gauss, with both malicious programs able to use miniFlame as a 'plug-in' for their operations.

Main findings:

miniFlame, also known as SPE, is based on the same architectural platform as Flame. It can function as its own independent cyber espionage program or as a component inside both Flame and Gauss.
The cyber espionage tool operates as a backdoor designed for data theft and direct access to infected systems.
Development of miniFlame might have started as early as 2007 and continued until the end of 2011. Many variations are presumed to have been created. To date, Kaspersky Lab has identified six of these variants, covering two major generations: 4.x and 5.x.
Unlike Flame or Gauss, which had a high number of infections, the number of infections for miniFlame is much smaller. According to Kaspersky Lab's data, the number of infections is between 10-20 machines. The total number of infections worldwide is estimated at 50-60.
The number of infections combined with miniFlame's info-stealing features and flexible design indicates it was used for extremely targeted cyber-espionage operations, and was most likely deployed inside machines that were already infected by Flame or Gauss.