Does the Flame malware that was reported in the Middle East have any wider security implications?

blackdog

I don't know much about the Flame malware that was reported last week beyond the "facts" that it was probably designed by the US and/or Israeli governments, it targeted Iran and it was a large piece of software. What, if any, new threats does it introduce that require additional security steps for businesses here in the US?

Topic: Security
Answer this Question

Answers

2 total
hughye
Vote Up (11)

Microsoft just released a patch a day or so ago that plugs the hole exploited by Flame (or at least claims to).  Apparently Flame used a method that let it falsify a MS digital credential so that it looks like an update for enterprise users with remote desktops.  And it was around since at least 2010.  Which is nice.   

 

I have read conflicting accounts of how serious of a development Flame really is.  Kaspersky  has been ringing the alarm bells very loudly, although they did note that it was a very targeted piece of malware.  There is always a risk of something targeted getting "off-target" and causing all kinds of unintended consequences.  Still, the risk to most companies is so small as to be negligible.  We just aren't its target.  The ironic thing is that overall security is probably increased by the discovery, since yet another vulnerability is addressed.  Total security is like trying to squeeze a handful of water; it will never be accomplished.   

jimlynch
Vote Up (10)

Here's a good background article about it.

Flame (malware)
http://en.wikipedia.org/wiki/Flame_(malware)

"Flame,[a] also known as Flamer, sKyWIper,[b] and Skywiper,[2] is modular computer malware discovered in 2012[3][4] that attacks computers running the Microsoft Windows operating system.[5] The program is being used for targeted cyber espionage in Middle Eastern countries.[1][5][6] Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT),[5] Kaspersky Lab[6] and CrySyS Lab of the Budapest University of Technology and Economics.[1] The last of these stated in its report that "sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."[1]

Flame can spread to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic.[6] The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.[7] These data, along with locally stored documents, are sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.[6]

According to estimates by Kaspersky in May 2012, Flame had infected approximately 1,000 machines,[7] with victims including governmental organizations, educational institutions and private individuals.[6] At that time the countries most affected were Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt,[3][6] with a "huge majority of targets" within the first.[8] The program ceased operation after its exposure in the media.[8]"

Ask a question

Join Now or Sign In to ask a question.
Apple users accessing Gmail on mobile devices could be at risk of having their data intercepted, a mobile security company said Thursday.
The source code for an impressively small but capable malware program that targets online bank accounts has been leaked, according to CSIS Security Group of Denmark.
Financial and business information was stolen from several shipping and logistics firms by sophisticated malware hiding in inventory scanners manufactured by a Chinese company.
In wake of psychological experiment, group challenges users to take a Facebook break and find out if it makes them happier.
The Department of Homeland Security mistakenly released details on an experiment in which a 27-ton generator was destroyed via a cyberattack.
Police from eight countries together with several private security companies disrupted the online infrastructure used by cybercriminals to control computers infected with a malware program called Shylock.
The scope of a recent security breach at a digital certificate authority (CA) controlled by the Indian government is bigger than initially thought and also targeted domain names owned by Yahoo, in addition to several owned by Google.
Hackers increasingly target small firms as a way to get to the big guys. Here's what companies need to do to step up their game.
Microsoft has reached a settlement with domain provider No-IP to disable some of its domains, after taking control of part of its network to shut down a botnet.
More than 40 privacy, civil rights and religious groups have called on President Barack Obama's administration to provide a "full public accounting" of long-time email surveillance of prominent Muslims living in the U.S., following a news report detailing the spying by the U.S. National Security Agency and FBI.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness