CNET News – (International) Flame malware network based on shadowy domains, fake names. The Flame malware used domain names registered with fake names to communicate with infected computers in the Middle East for at least 4 years, researchers said June 4. As early as 2008, someone began creating the 86 domains and more than 24 IP addresses that host the command-and-control (C&C) servers, using fake identities and addresses in Austria and Germany to register them with GoDaddy and others, a senior researcher at Kaspersky Lab said. He speculated that stolen credit cards were used for the transactions. The IP addresses point to hotels, doctor’s offices, and other non-existent businesses, while the C&C servers are located in Germany, the Netherlands, the United Kingdom, Switzerland, Hong Kong, Turkey, Poland, and Malaysia, according to Kaspersky.
Ali Loney, on June 04, 2012