Flamer: A Recipe For Bluetoothache

The security solutions provider, Symantec, has tried to decode the latest threat that has emerged. According to a blog published by Symantec , W32.Flamer is possibly the only Windows based threat which uses Bluetooth. It is yet another indicator that W32.Flamer is not only exceptional, but that it is a comprehensive information gathering and espionage tool.

The blog has highlighted how Flamer uses Bluetooth and what the attacker can achieve by it. It says, “The Bluetooth functionality in Flamer is encoded in a module called “BeetleJuice”. This module is triggered according to configuration values set by the attacker. When triggered it performs two primary actions:

The first is to scan for all Bluetooth devices in range. When a device is found, its status is queried and the details of the device recorded—including its ID—presumably to be uploaded to the attacker at some point. The second action is to configure itself as a Bluetooth beacon. This means that a computer compromised by W32.Flamer will appear when any other Bluetooth device scans the local area. And there is more. In addition to enabling a Bluetooth beacon, Flamer encodes details about the infected computer and then stores these details in a special ‘description’ field.”

In addition to the facts of how Flamer uses Bluetooth, the blog lists out scenarios as to what can the attacker do with this functionality. The major scenarios that the blog describes are identification of victim social networks, identification of victim physical locations and enhanced information gathering.

“The sophistication of W32.Flamer indicates that the attackers are certainly technically skilled and such attacks are well within their capabilities,” the blog concludes.