Detecting the "Flame" Trojan

You may have heard about a new Trojan virus called “Flame”, which is attacking users’ privacy and is stealing sensitive information. It has been mostly infecting computers in the Middle East (Iran, in particular) but it also has been reported to infect computers in other areas of the world.

The trojan spreads via email and it copies itself in to the local network. It can drop malicious files, has a built-in keylogger and can steal all kind of private information. I am not going into too much details here, but for the savvy readers I recommend reading the 63-page PDF report of the analysis performed by the Laboratory of Cryptography and System Security (CrySyS) at the Budapest University of Technology and Economics.

Starting with our latest updates, all Avira solutions will detect this sophisticated Trojan as “TR/Flame.A”.

The VDF was published yesterday and has the version number 7.11.31.80. You can get more information about the Trojan’s behavior by reading our virus description, available here.

 

Sorin Mustaca

Data Security Expert