Alexander Gostev

Snack Attack: Analyzing Flame’s Replication Pattern

By Alexander GostevThe Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modules is controlled by Flame’s global registry, the database that contains thousands of configuration options.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.