Forensic analysis of two command-and-control servers for the Flame espionage worm has revealed that the infamous malware has been around for longer than suspected - and has links to other mystery software nasties. Flame was built by a group of at least four developers as early as December 2006, according to freshly published …
What a horrible thing to happen to a sweet, innocent internet.
Say what you will about the people behind the new breed of high-end malware (Stuxnet et al), but the creativity and ingenuity involved are undeniable. It blows my mind that Flame hasn't been detected for years despite its 20MB size and its ability to spy on Bluetooth devices around the infected PC.
I'm not surprised
Especially with 200+ GB hard disks becoming the norm and internet connections well above 8 Mbps, given its relatively small size (compared to photos, office docs, PDFs, video clips) it's a wonder it was even detected at all. Of course, it being relatively quiet and very targeted helped it hide quite well.
It's not really about the size as compared to other files and total storage. A larger size means a larger footprint on the target system. A larger footprint (theoretically, Adobe software being an exception) means more functions are performed, with more things to go wrong and cause detection.
It's still an overwhelmingly HUGE file size for something which does not contain media such as pictures, sound, video, etc.
Hmmm, 5GB from 5000 machines, or roughly 1MB a week per machine, certainly sounds about the right size for some network recon..., and pretty much a needle in a haystack in terms of sniffing the payload, and that's assuming that the ~1MB of data was uploaded at once; it's even less likely to be noticed if the ~1MB is the product of a week spent sniffing and periodically reporting back to C&C. Some software auto-updates send back way more than a 100KB payload just to see if the shiteware is up to date and, if not, present an opportunity to install a fucking toolbar....