Today we found out that the Flame worm has been uploaded by BD guys who do not know the details of the Flame worm: how it is executed, how it communicates with its command center, and how infection works on Windows computers. On Facebook they are sharing the link to download the file, and the downloaders don't know exactly what they are dealing with. But they did download it so that Burmese PCs would be infected with this worm.

First of all, we know this virus very well; decoding its language was a popular effort for months. And everyone figured out that it was written in Lua in May 2012. It hit widely in Muslim countries: the Flame virus is for the Middle East, and it was written by Israel Cyber Team to attack Iran. ICT (well known as Elite Game Developers of Israel) still controls the C&C.

I feel bad for those script kiddies (Bangladesh Hackers = LOSERS) who wasted a lot of time searching for that worm and are trying to name it “Naka worm v1.0” again. Now they are scared to generate a worm that uses email to capture all key logs, because they lost their email account and password at the first attempt. You can read how we took down their first attempt at http://www.blinkhackergroup.org/2012/06/warrning-naka-virus.html. This is a second attempt, this time trying to use the Flame worm. I thought he may have read all the news about it, later searched for it, and provided it to people without skills and knowledge.

Now they want to use Flame to infect. Really? Did you BD guys ever create a virus in your life? Real hackers create a virus by themselves to infect other computers without getting detected by anti-virus programs and software crackers in the first place. Then most viruses by hackers can't be detected for years, until a computer is caught as suspicious by the anti-virus guys. But you guys are wasting your time using a well-known dead virus to infect systems.

No PC is getting infected with the Flame virus at all in Burma. And it can be detected easily now by anti-viruses. BD script kiddies, first learn how to write a program that outputs “hello world”.

When we looked inside the zip, we laughed at it. What we saw is 26 files without file extensions, with MD5 hashes as the file names. Files like those are used in labs for reverse engineering. He may have got them from sharing sites.
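A quick way to triage a folder of extension-less, hash-named files like this without opening any of them, as an added example that is not part of the original post: it checks whether each name really is the MD5 of the file's contents and reads the leading magic bytes to see what type each file is. The sample folder is constructed from harmless bytes, and the function names are illustrative.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_NAME = re.compile(r"^[0-9a-fA-F]{32}$")  # 32 hex characters, no extension

def sniff_type(head: bytes) -> str:
    """Classify a file by its leading magic bytes, ignoring the file name."""
    if head[:2] == b"MZ":
        return "PE (exe/dll/ocx)"
    if head[:4] == b"PK\x03\x04":
        return "zip"
    return "unknown"

def triage(folder):
    """One row per file: name, sniffed type, and whether the name is its own MD5."""
    rows = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        data = path.read_bytes()  # read only, nothing is executed
        digest = hashlib.md5(data).hexdigest()
        rows.append({
            "name": path.name,
            "type": sniff_type(data[:4]),
            "md5_named": bool(MD5_NAME.match(path.name)),
            "name_matches_content": path.name.lower() == digest,
        })
    return rows

def demo():
    """Build a constructed sample folder (harmless bytes) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        fake_pe = b"MZ" + b"\x00" * 62  # constructed: MZ stub only, not a program
        text = b"constructed sample, plain text\n"
        (Path(tmp) / hashlib.md5(fake_pe).hexdigest()).write_bytes(fake_pe)
        (Path(tmp) / hashlib.md5(text).hexdigest()).write_bytes(text)
        (Path(tmp) / "readme.txt").write_bytes(text)
        return triage(tmp)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A name that matches the content's MD5 marks a file as coming from a sample-sharing or lab collection, and the magic bytes show its type regardless of the missing extension.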

BD script kiddies - do you really know why MD5 is used for the file names in your zip file? Do you know how an exe file works? Do you really know what OCX and DLL files are too? Do you really know what you are dealing with? Do you really think you can infect anyone in Burma with it? They are scared to touch the file names; they didn't even change them at all. They believe that changing the file names and double-clicking those files may infect the PC. They are just script kiddies.

According to the BD script kiddies on Facebook, they want to infect Burmese PCs with the Flame virus, but they really don't know how it works. Poor BD guys!

I don't know for what purpose they uploaded the virus without the skills to make infections, LOL! Do you really want us to research it? We have very skillful people in reverse engineering. However, kiddies, Kasper Team already figured this one out!

BTW – Burmese brothers and sisters, don't worry about the Flame virus; it is widely detectable now by most common anti-viruses, whether the files are executable or not. Besides, those BD criminals don't know what it really is or how they can infect other PCs with it yet.
                                                      

Flame (late 2008 – June 2012) – it is now a dead worm!



Here is a brief on Flame: when Flame is executed by a user who has administrative rights to the domain controller, it is also able to attack other machines in the network. It creates backdoor user accounts with a pre-defined password that is then used to copy itself to these machines.

If one computer on a network is infected with the Flame virus, the virus can hijack the Windows Update sessions of nearby computers; it spreads through Windows updates. Basically, Microsoft had a vulnerability that allowed Windows Update session hijacking through an MD5 hash-collision attack. Microsoft already patched it on 6 June 2012 ( http://blogs.technet.com/b/msrc/archive/2012/06/06/security-advisory-2718704-collision-attack-details-wu-update-rollout.aspx ).
                                   
It can also connect over Bluetooth and grab the address of a phone, and communicate with the C&C over Bluetooth too. It can steal information, store it in its own databases and share it with the C&C.

It was discovered by a Russian team (Kaspersky Lab), and all the questions have been answered by Kaspersky Lab. If you would like to make contact about this worm, you can e-mail Kaspersky at the mailbox previously created for Stuxnet/Duqu research: stopduqu@kaspersky.com.

On Infected Machine (Symptoms of Infection):
If a computer is infected, you can see the following symptoms on the PC.




Conclusion
So brothers & sisters of Myanmar, I would like to conclude that you guys are safe and sound. In that BD zip file, you can simply tell that the files are not executables with proper DLL, OCX and EXE file names. In order to infect, they would need the correct file names for the DLL and OCX files as well as the EXE file, with the proper commands to install, and besides that they would need C&C centers to control everything. The C&C centers are controlled only by Israel Cyber Team.

The BD hacker guys are just script kiddies who don't know what they are! They are just the biggest losers, and they don't even own a C&C for Flame at all!