Skywiper, the ghost in the machine
I don’t claim to know a lot about malware, or spyware for that matter, other than that I know it’s bad shit and if your computer gets infected it can really mess things up. It’s also a pain in the ass to try to remove a virus, which I have had to do on an occasion or two. That is also why I run virus scans often and am very careful about my web browsing and the sites I visit.
Suffice to say, when I saw this post shared by Ellie K on Google+, I was taken aback. The post links to McAfee, which is an anti-virus software company. In the post, they are talking about the newest virus threat called Skywiper, also referred to as Flamer, based on some language in the code that refers to “flame”. What shocked me was the amount of code that the new malware has.
The malware uses common obfuscation tactics, and its code base amounts to 650,000 lines, with the distinct possibility of passing 750,000 lines of code after further analysis is done. McAfee made a diagram that shows the relationships between parts of the code, which looks like a sinister spider web.
Reading through the information, Skywiper carries out many nefarious surveillance activities once it infects your machine. There are too many to list, but some notable ones are:
- Searches the desktop and hidden places within the OS for notes and information.
- It silently fires up extra instances of Internet Explorer, and injects code into them. This way it can be part of a “trusted” process on the machine, allowing it to circumvent firewalls.
- It is interested in mobile devices: it discovers Bluetooth devices, and shows interest in the target’s social network by looking for contacts.
- It sniffs the network, detects network resources and collects lists of vulnerable passwords.
- It creates a series of the user’s screen captures when some specific processes or windows are active.
- It uses the infected system’s attached microphone to record ambient sound.
- It spreads via removable media such as USB devices to infect other machines.
Another scary thought is that Skywiper went undetected by all 43 anti-virus programs tested, according to Security Affairs, which labels Skywiper a Cyber Weapon.
The malware code is still being deciphered, and as McAfee pointed out it will take some time to figure out. It’s also said that the infection may be exploiting a Microsoft vulnerability. Yikes!