Remember Stuxnet, the malware targeted at the Iranian nuclear industry? Say hello to Flame (Win32.Flame), a 20MB piece of modern cyberwar weaponry.
Detailed by Kaspersky Lab Expert Aleks in a Questions and Answers entry on SecureList, Flame is 20 times larger than Stuxnet and has been floating around the Middle East for two years or more. It is "a backdoor, a Trojan, and it has worm-like features," according to Kaspersky, and reports to about 80 command-and-control domains. Various Flame modules can be initialized on infected systems to change the information gathered.
Flame is able to infect a fully patched Windows 7 system, indicating it leverages a zero-day exploit not yet known to security researchers. The complexity and size of Flame indicate the likely developer was a "government-sponsored entity," according to the Wall Street Journal. Other names for Flame are Flamer, Wiper, Viper, and sKyWIper. It may be the "most complex malware ever found," according to a CrySyS Lab report.
Has the cyberwar started?
My bet would be the Chinese, they are not overly friendly with any country in the Middle East, and this virus seems aimed at everyone in that part of the world. - David 164 on theregister.co.uk
The Chinese already have an army of western servers under their control, silently. Their intent in doing this is unknown, as is the number of compromised servers. - jcollake on wired.com
This is an advanced mechanism employed by a state agency. The article isn't overt, but the implication is clearly that this device is of US origin and purpose. Personally, I'm happy to see the US engaging in this sort of behavior. National Defense with low cost and no lives lost! - Andrew Middleton on wired.com
Parts of it are in Lua. Hmmm.... I'd say that points the finger at China. Lua is the scripting language for World of Warcraft. We tend to see the most sophisticated WOW hacks come out of China. - Marvin Prince on wsj.com
I'm getting the distinct impression from the labels, filenames etc. used in the code that this is put together by native English speakers. Competent ones, at that. - Dom 3 on theregister.co.uk
Lua was used as a fast way to write code that could be used on both iOS and Android platforms. - ian hickey on wsj.com
If you want security, use a pencil, paper, and a safe. - Chris King on wired.com
What if it's just a massive game of social engineering? Click here to install the 'FLAME Removal Tool' (really, trust us...). LOL. - Anonymous Coward on theregister.co.uk
It's getting to the point where you need to restore a pristine disk image at least once a week. Or for the truly paranoid, use a Live CD. - Trashreader on wired.com
Iran's Computer Emergency Response Team announced it has developed software to kill the Flame malware. Do you believe them?