Tuesday, June 05, 2012

The Flame virus



Ever since word of the Flame virus first got out, the superlatives have come in thick and fast.

Analysts have competed among themselves to describe it as the most complex, the deadliest, largest and most comprehensive virus ever uncovered.

In many ways it is all these things and more.

But does it pose a risk to the average internet user?

The short answer at the moment is no.

Whoever created Flame did it with a very specific agenda – the targeted acquisition of intelligence on very specific networks primarily in the Middle East.

While it is frighteningly capable, it is not particularly infectious.

When organised criminals create malware they often try to make their product as virulent as possible.

The more computers you infect, the bigger pool you get to swim in looking for ways to make money and pilfer data.

Flame is a much stealthier beast.

Most likely the product of a nation state, it has been created to surreptitiously infiltrate designated networks and harvest as much data as possible without being detected.

Once it is inside a system it works at a level of comprehensiveness and sneakiness that has rarely been seen before.

But in the two-to-five-year period Flame is thought to have been in existence, it has infected hundreds of computers in the Middle East, not millions of computers worldwide.

Flame could become a danger to the public, however, if criminal networks are able to get their hands on some of the coding that has made it so effective.


That is what happened with Stuxnet.

Even more targeted than Flame, Stuxnet was developed – most likely by Israel or the United States – to disrupt Iran’s nuclear programme by exploiting the very specific Siemens computer systems that were used by Tehran in its uranium enrichment facilities.

On its own it was harmless to other systems.

But once the coding became public – an inevitable side effect of analysing and defeating viruses – criminal groups were able to take sections of the virus and develop it for their own nefarious purposes.

Malware using Stuxnet’s capabilities soon began to surface on the black market and cause carnage online.

Any malware worth its salt looks out for anti-virus software once it’s inside a machine.

A sophisticated virus might have between 20 and 50 defences already built in to counter security software.

Cyber security researchers have told me Flame has an astonishing 346 separate defences.

The list, which is circulating among professionals, is not being made public in a bid to keep it out of the hands of criminal networks.

We can only hope it stays that way.
