The virus, named Flame or Skywiper, has been in the headlines this week, for good and for bad. Flame came to light when the U.N. International Telecommunications Union (which oversees cyberactivities for the body) received reports of unusual activity. A Russian security firm first identified it, noting that the virus has apparently existed in these networks for several years undetected. UN issues Flame warning to member nations as Iran confirms attack.
Flame is the third major cyber weapon to be uncovered, following the discovery of the Stuxnet virus in 2010, which attacked Iran’s nuclear program, and its data-stealing cousin Duqu. It seems that Flame is more of a cyberespionage operation than an actual attack weapon.
The Iran targeted by ‘Flame’ espionage virus article says that Iranian computer networks have been targeted by a cyber espionage virus many times more complicated than any malicious software ever seen before, security experts have said.
Flame: world’s most complex computer virus exposed article boasts that the world’s most complex computer virus, possessing a range of complex espionage capabilities, including the ability to secretly record conversations, has been exposed. Middle Eastern states were targeted and Iran ordered an emergency review of official computer installation. It is the third cyber attack weapon targeting systems in the Middle East to be exposed in recent years.
The Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers article says that a massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years. The Flame Virus is Most Complex Threat Ever Discovered article says that the primary purpose of Flame appears to be cyber espionage, by stealing information from infected machines. Such information is then sent to a network of command-and-control servers located in many different parts of the world.
I think the worst sensationalistic headline is this Fox News headline: Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game. The article says that the most sophisticated and powerful cyberweapon uncovered to date was written in the LUA computer language, cyber security experts tell Fox News — the same one used to make the incredibly popular Angry Birds game. LUA is favored by game programmers because it’s easy to use and easy to embed. It is also used in many other applications, from embedded systems to the Wireshark network analyzer. The fact that both Flame and Angry Birds happen to use the same programming language in some parts is a pretty weak link between them, and it is quite sensationalist to tie the two together in a headline!
Flame is described as enormously powerful and large, containing some 250,000 lines of code. Cyber experts tell Fox News that once in a computer network, Flame is powerful enough to initiate webcams, microphones, and Bluetooth connections in order to extract contact lists, record conversations and more.
The news was full of security-related comments spreading FUD on the topic (which serves as marketing for companies selling security solutions):
“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Roel Schouwenberg, a Kaspersky security senior researcher, said.
Kaspersky added: “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”
After some more research, the ‘Super-powerful’ Flame worm actually boring BLOATWARE article says that, on initial analysis, Flame may be big in size but it’s nothing like the supposedly devastating cyberwarfare mega-weapon that early reports of the malware suggested. This new nasty is quite complex by design, yet researchers are still hunting for any truly evil and innovative attack techniques, or similar threats, within the code.
Flame/Skywiper is a 20MB file that infects Microsoft Windows computers. It has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more. CrySyS Lab said the technical evidence for a link between Flame/Skywiper and Stuxnet or Duqu was inconclusive, however. While they shared many common components, the newly-discovered virus bears little resemblance; for instance, Flame/Skywiper does not spread itself automatically but only when hidden controllers allow it. Flame is not a worm. Its architecture includes wormable functionality, but those functions are disabled by default. So Flame isn’t spreading like a worm, and therefore you won’t be infected unless you’ve been specifically targeted.
Software size is far less important than how many systems it has infected and what damage it causes. Game changer? Maybe not. Flame is a precise attack toolkit rather than a general-purpose cyber-weapon. Flame is bloated and overhyped, according to rival security vendors.
Flame is big. It’s complex (just as lots of legitimate software is complex). But it’s not advanced crimeware. Flame on the other hand is a “limited edition” spy tool with a limited scope that was used very carefully. Clearly there was advanced planning involved, but that doesn’t necessarily make it what we would call advanced technology. The application was built for information gathering. And not just data from the computer, but also conversations and chats, contacts — intelligence.
There has been some searching for who might be behind Flame. Vitaly Kamluk, Kaspersky’s chief malware expert, told the BBC that more than 600 specific targets were hit, ranging from individuals, businesses and academic institutions to government systems. He also said: “The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it”.
The Flame-bait Questions post from F-Secure says that Flame isn’t designed for profit. It is too big and “complex” to have been designed by “hackers”. So that leaves us with a nation state. Nation states spy. It shouldn’t be surprising to anybody that they use digital espionage tools these days. It’s evident that significant resources went into crafting Flame. Given that, we think a better question is what defense contractor developed Flame. The way in which Flame is structured suggests to us that it was written by a contractor — an organization that is being paid.
The Fox News article claims that it was likely built by the same nation-state responsible for the Stuxnet virus that targeted Iran’s nuclear power plant. One of the leading candidates is Israel, because Flame has been found in Saudi Arabia, Palestinian territories, Syria, Iran and Hungary. Fox News also claims that Israeli Vice Premier Moshe Ya’alon on Tuesday hinted to a local radio station that his country was indeed responsible for it.
It is hard to say what the truth is.
As a final thought, look at the F-Secure Flame-bait Questions article, which gives good details on how worried you should be: Am I protected from Flame? That’s the wrong question. Am I at risk from Flame? Are you a systems administrator for a Middle Eastern government? No? Then no… you aren’t at risk. And Flame is now a known quantity. You don’t need to worry about it. Flame has been extinguished.