Cyber-Espionage Malware Features Bluetooth Functionality

Computerworld June 1, 2012
Cyber-Espionage Malware Features Bluetooth Functionality
Symantec writes that W32.Flamer is potentially the only Windows based threat discovered that uses Bluetooth

The “Flame” threat represents a more complex form of cyber weapon, since the first of such sophisticated malware, Stuxnet,was identified in 2010, say anti-virus companies. As Symantec puts it, “W32.Flamer is possibly the only Windows based threat we have encountered which uses Bluetooth.”

Symantec states in its security response blog that this is an “exceptional … (and) comprehensive information gathering and espionage tool”.

The blog paints three scenarios of where and how this bluetooth functionality can be used by attackers; from mapping the infected users' social and professional circles, to identifying the physical locations of infected users, and even extracting information from other Bluetooth devices that are within range.

The blog states that “The Bluetooth functionality in Flamer is encoded in a module called "BeetleJuice"”, which when triggered “according to configuration values set by the attacker” would perform 2 primary functions. 

As the blog describes, firstly it would scan all Bluetooth devices that are in range, and having found such a device, would then record the details of the said device – this information would then probably “be uploaded to the attacker at some point”.

Symantec explains that Flamer then configures itself as a bluetooth beacon: “This means that a computer compromised by W32.Flamer will appear when any other Bluetooth device scans the local area.”