While USB drives have long been a security threat, the Flame spying malware took the weaponization of portable storage devices to a new level.
Flame, discovered last month in Iran’s oil-ministry computers, used USB ports found on every PC as a pathway to avoid detection by network-guarding security systems. The cleverness of Flame’s creators in keeping the malware under the radar was one more example of why it is considered among the most sophisticated espionage-software packages to date.
Because Flame was looking for highly sensitive data, it had to steal the information from networks without Internet connections, yet still be able to connect at some point to a remote command and control server, security vendor Bitdefender said on its security labs blog. To do that, Flame would move stolen files and a copy of itself to a memory stick inserted in an infected computer.
When the storage device was plugged into another PC, Flame would check to see if it was connected to the Internet and then copy itself and the stolen files to the new host, which the malware used to compress the data and transmit it to the controller’s server over HTTPS.
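For defenders, the relay behavior described above suggests a correlation rule: a file copied from removable media to local disk that then opens an outbound HTTPS connection shortly afterward. The sketch below is an added example, not code from Bitdefender or from the article; the event schema, host names, paths and the 900-second window are all constructed assumptions, and Windows drive-letter paths are assumed.

```python
from collections import defaultdict

WINDOW = 900  # seconds a removable-media copy stays "fresh" (assumed tuning value)

# Constructed telemetry; the schema and every path/host name are hypothetical.
EVENTS = [
    {"ts": 100, "host": "ws-07", "type": "removable_mount", "volume": "E:"},
    {"ts": 130, "host": "ws-07", "type": "file_copy",
     "src": r"E:\docs\report.doc", "dst": r"C:\Users\a\report.doc"},
    {"ts": 160, "host": "ws-07", "type": "net_connect",
     "image": r"C:\Program Files\browser.exe", "dport": 443},
    {"ts": 500, "host": "gw-02", "type": "removable_mount", "volume": "F:"},
    {"ts": 520, "host": "gw-02", "type": "file_copy",
     "src": r"F:\a.exe", "dst": r"C:\ProgramData\a.exe"},
    {"ts": 525, "host": "gw-02", "type": "file_copy",
     "src": r"F:\blob.dat", "dst": r"C:\ProgramData\blob.dat"},
    {"ts": 700, "host": "gw-02", "type": "net_connect",
     "image": r"c:\programdata\a.exe", "dport": 443},
    {"ts": 9000, "host": "gw-02", "type": "net_connect",
     "image": r"C:\ProgramData\a.exe", "dport": 443},
]

def find_usb_relays(events, window=WINDOW):
    """Flag hosts where a file copied off removable media makes an HTTPS connection."""
    mounts = defaultdict(dict)   # host -> {volume: mount ts}
    copies = defaultdict(dict)   # host -> {local path: (volume, copy ts)}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, ts = ev["host"], ev["ts"]
        if ev["type"] == "removable_mount":
            mounts[host][ev["volume"].upper()] = ts
        elif ev["type"] == "file_copy":
            vol = ev["src"][:2].upper()          # Windows drive letter assumed
            if vol in mounts[host] and ts - mounts[host][vol] <= window:
                copies[host][ev["dst"].lower()] = (vol, ts)
        elif ev["type"] == "net_connect" and ev["dport"] == 443:
            image = ev["image"].lower()          # compare paths case-insensitively
            hit = copies[host].get(image)
            if hit and ts - hit[1] <= window:
                # Other files that arrived from the same stick (possible staged data).
                staged = sum(1 for p, (v, _) in copies[host].items()
                             if v == hit[0] and p != image)
                alerts.append({"host": host, "image": image, "volume": hit[0],
                               "other_files_copied": staged, "ts": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_usb_relays(EVENTS):
        print(alert)
```

On the constructed data only `gw-02` is flagged: the document copied on `ws-07` never makes a connection itself, and the connection at `ts` 9000 falls outside the window.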
Flame is so awesome, it’s hard to believe it was made in USA. I suspect USA gave the money and Israel the brains :)