The advnetcfg.ocx component allowed the malware to stay hidden for such a long time

Jul 5, 2012 13:17 GMT  ·  By

Flame is no longer making headlines, but security researchers continue to analyze the infamous piece of malware in an attempt to identify its clever mechanisms. Bitdefender experts have described advnetcfg.ocx, a module that alerted the developers when antivirus software detected the malware or when other bugs prevented it from working properly.

advnetcfg.ocx’s main purpose is to collect data that could be used by Flame’s authors to improve their creation.

Whenever the malicious element detected that someone was snooping around one of its components, it would take screenshots and send them back to the programmers. The reports Flame produced were far more detailed than those of other similar Trojans.

Researchers assume that this module allowed Flame to avoid being detected by antivirus solutions.

“Although its creators definitely used multi-engine scan services to check if their samples were detected, they most likely needed feedback from the actual ‘production environment’ as every single system is unique and heuristic detection is influenced by parameters that they could not reproduce in lab conditions,” Bitdefender experts explained.

For more technical details on advnetcfg.ocx, you can visit the Bitdefender Labs blog.