OPSWAT, the industry leader in software management SDKs, interoperability certification and multiple-engine scanning solutions, announced last week that their Metascan products provided the earliest detection capabilities of the Flame malware, a complex threat that was first identified at the end of May.
Flame, also known as sKy WIper, is an advanced and complex tool designed to steal data from infected machines and upload it to a remote server. Because the malware looks for highly sensitive data that is usually on networks without internet connections, Flame has the ability to copy itself and the target data to any USB drive inserted to the machine. Then, by forging a Microsoft digital certificate, Flame automatically installs itself when the USB drive is inserted to an internet-connected Windows PC.
Researchers of the malware have reported that Flame has been in existence for more than two years, and uses some of the same source code as the Stuxnet worm, which made headlines more than a year ago. Both Stuxnet and Flame were built to spread via infected USB drive, taking advantage of many similar software vulnerabilities. Stuxnet is believed to have targeted Iran's uranium-enrichment facility at Natanz via the Supervisory Control and Data Acquisition (SCADA) systems used to control and monitor industrial processes in facilities such as power plants. Similarly, Flame has been used in targeted attacks against organizations in the Middle East, including Iranian oil facilities. Both pieces of malware are suspected to be cyber-warfare tools built by nation states.
Flame was initially discovered by Kaspersky Lab, an antivirus company headquartered in Moscow, Russia. Because Kaspersky Antivirus is one of the engines available in Metascan, OPSWAT’s multi-scanning technology, users of Metascan products that include Kaspersky benefited from the earliest detection of the malware, critical hours before users of single-engine anti-malware solutions. Metascan is a multi-scanning solution that optimizes multiple anti-malware engines to simultaneously scan content, giving users many benefits over a single-engine solution.
Using Metascan technology, OPSWAT offers a ready-to-go multi-scanning solution called MetaDefender for Media (MD4M), which protects against threats on USB drives and other external media devices. MD4M enables organizations to scan USB drives, CDs, DVDs and memory cards with multiple antivirus engines before they enter a network or locked-down system.
OPSWAT’s Director of Sales, Alex Sill, commented, “MD4M offers our customers an easily implemented and secure method to protect against threats such as Flame and Stuxnet. Our solution provides the optimal tools to create processes ensuring that USB drives and other peripheral media have been thoroughly scanned before interacting with customers’ networks.”