Flame Spyware is a Monster!

Zowie! This is the “big one” from a security perspective! It appears to be state-sponsored computer malware attacking many systems worldwide! Ouch!

The Flame Virus: Spyware on an Unprecedented Scale

“Security researchers recently discovered one of the most complex instances of computer malware on record. Flame, which also goes by the names SkyWiper and Viper, has infected hundreds of computers across the Middle East and Europe. What does it do? Where did it come from? Who unleashed it?

What makes Flame so unusual is its size. It’s much larger than some of the largest malware instances that researchers have found. For instance, the infamous Stuxnet virus that was targeted at Iran’s uranium enrichment facilities several years ago was 500 kilobytes, according to Wired.

‘Flame is a sizable beast,’ said Graham Cluley of Sophos Security, a publisher of digital security software. ‘With all its components in place, it’s approximately 20MB. And this is one of the reasons why people have bandied phrases around like “biggest” and “most sophisticated.” Reverse engineering 20MB of code is a sizable piece of work.’

Researchers have only scratched the surface of what is hidden in all that code. Stuxnet (and its sister DuQu) took researchers months to figure out exactly what it did and where it might have come from. Flame will take a lot longer.

Flame, at its core, is spyware. It has the ability to log keystrokes from an infected user’s computer, use the computer’s sensors such as the microphone and webcam to record what is being said around it, and take screenshots. It can also sniff a network to steal passwords, be spread through USB drives and local networks, and transfer data to command-and-control servers. It can infect Windows XP, Vista and Windows 7 computers.

This is not your ordinary spyware, though. While it does have some simple and basic elements of spyware (which can keylog and use the microphone as well), its sheer girth betrays a more sophisticated approach.

Normal spyware is not hard to detect. It is usually some type of derivation of existing malware that has been repurposed by hackers and distributed through normal channels such as spam or infected websites. Antivirus companies such as Symantec (Norton), Kaspersky, Sophos, Bitdefender and others recognize the spyware shortly after it is discovered and issue a detection kit for it. Microsoft then comes out with a patch and the cat-and-mouse game between the malware writers and security companies goes on. To a certain extent, this is what has happened with Flame. Detection and removal kits have already been released by security companies including Sophos and Symantec, as well as the Iranian government.”