A new form of state-sponsored malware is making the rounds, this one apparently designed specifically to spy on its victims.
Dubbed "MiniFlame" by Kaspersky Lab, but also known as SPE, the new malware variant is similar to the Flame virus that targeted computers in the Middle East this past summer. But MiniFlame is a cyber espionage program that can take over where Flame leaves off.
As described by Kaspersky:
First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information. After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.
Kaspersky discovered MiniFlame in July, although at the time it simply looked like an earlier version of Flame. Further research determined last month that the new module was actually a separate malware strain, though one that can take advantage of PCs infected by Gauss and Flame.
The developers of MiniFlame may have started their work as early as 2007, according to Kaspersky, and continued until the end of last year.
Six variants of the new virus have been discovered, though there are likely more. So far the infection rate is low, especially when compared with Gauss and Flame. Only 50 to 60 computers worldwide are estimated to be infected with MiniFlame.
But these types of attacks are less focused on quantity and more on hitting specific targets.
"MiniFlame is a high precision attack tool. Most likely it is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack," Alexander Gostev, Chief Security Expert for Kaspersky Lab, said in a statement. "The discovery of miniFlame also gives us additional evidence of the cooperation between the creators of the most notable malicious programs used for cyber warfare operations: Stuxnet, Duqu, Flame, and Gauss."
Together, these malware strains are seen as a sign of continued cyberwarfare against Middle East countries. In particular, many analysts believe many of these strains gathered intelligence in Iran and may have been used to sabotage its nuclear-weapons program.
"With Flame, Gauss, and miniFlame, we have probably only scratched [the] surface of the massive cyber-spy operations ongoing in the Middle East," a Kaspersky Lab expert wrote in the blog. "Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown."