If you are updated with the latest tech news, you might have already heard about the Flamer or Flame Malware spreading in many countries. Flamer is a highly sophisticated piece of malware has been newly found infecting systems. Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies. Malware itself is a big chunk of code and hence not detected for almost 2 years.

According to BitDefender, there are multiple modules inside the malware namely Flask, Jimmy, Euphoria etc. Flask module is an info-stealer that harvests every bit of information available on an infected system. The Jimmy component is designed for leaking data. Files to be leaked are the ones with the following extensions: *.doc, *.docx, *.xls, *.dwg, *.kml *.ppt, *.csv, *.txt, *.url, *.pub, *.rdp, *.ssh, *.ssh2, *.vsd, *.ora, *.eml. Please note that jimmy also leaks KML files (formats that are used to view geographic data in Google Earth). AutoDesk files (.dwg) which store three-dimensional layouts and plans are also leaked.

Closer inspection of the EUPHORIA module revealed that it controls the spreading mechanism via USB sticks. The USB spreading capabilities are re-enforced with a secondary component called AUTORUN_INFECTOR that is being used to exploit the operating system’s Autorun feature.

How to Check if your PC is infected:

The going by the nature of the malware, it is one of the highly dangerous ones as it leaks lots of information and provides false triggers and alerts. If you want to check if your PC is infected, then you can download the BitDefender tool available here (32 bit and 64 bit).

Just run the tool and it will tell you if your PC is infected or not and also removes this trojan Flamer.

Flamer malware

As of now Flamer has also only been identified on PC systems in several middle-eastern states including Iran, Israel, Palestine, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. But this does not mean other countries are safe.

More information on Flamer malware is available here.

[Via gHacks]