The Hacker News Logo
Subscribe to Newsletter

Flame spy virus going to Suicide

Flame spy virus going to Suicide

The creators of the world's most complicated espionage virus Flame have sent a 'suicide' command that removes it from some infected computers. U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace.

The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. According to Symantec, the ‘suicide' command was “designed to completely remove Flame from the compromised computer,” the BBC reports.

Computers infected with Flame, including honeypots, have been routinely contacting its C&C servers to check for new commands. When the C&C servers still owned by Flame’s authors recently sent out a self-destruct code, Symantec detected the command immediately.

Flame was designed to suck information from computer networks and relay what it learned back to those controlling the virus. It can record keystrokes, capture screen images, and eavesdrop using microphones built into computers.

Bots have long contained such self-destruct mechanisms, so it's not surprising that malware as complex and comprehensive as Flame would, too.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.