“The Flame” and Why You Shouldn’t Be Scared (Or Should You Be?)

We’ve got our next “Super Threat” coming out of the Duqu and Stuxnet FUD-fest. The latest big thing is entitled “The Flame” (scary sounding, right?) – a highly sophisticated piece of malware that targets the Windows Operating System and essentially spies on users.

Why It’s Scary

“The Flame” is a highly sophisticated piece of malware. It makes use of multiple Windows exploits to run on users machines without their consent or interaction and it’s also just creepy – the thing spies on you using every piece of hardware on your machine. It’s looking through your webcam, it’s picking up keystrokes, it’s recording through your microphone, and it’s taking screenshots as well.

Oh, and it’s potentially been spreading for 8 years (though it’s looking more like 2) just covering its tracks. It’s also still unknown exactly how it’s infecting systems (best guess seems to be MS10-033, but it’s likely that there are multiple channels of initial infection.) It is potentially being spread (initial infection) through a 0day exploit, though nothing has been substantiated (apparently it has infected fully patched Windows 7 machines.)

It’s not just creepy. The complexity and sophistication of the code as well as the sheer size of it makes it likely to be the work of not just one hacker but potentially a team of trained and well paid hackers. And that leads to the next, and potentially scariest aspect…

This is probably government born. The fact that it’s so advanced means that it probably cost big money and it’s clearly a tool for spying and collecting as much information as possible so it should be a fairly short leap of logic to see why governments would be after this.

Why It Isn’t Scary

It actually is pretty scary when you read the above. Government commissioned hacker teams trying to watch me post on the internet? It’s enough to make you want to just unplug.

But let’s remember a few things…

It propagates throughout networks through a lot of different ways but at least some of the exploits have been patched (MS10-061MS10-046, potentially MS10-033) so your first step is to go check for Windows Updates. Now.

If you’re running an Antivirus (I suggest Microsoft Security Essentials) it’s a good idea to keep it up to date as, at this point, they should all detect Flame.

The top infection nations are: Iran, Isreal Palestine, Sudan,  Syria, Lebanon, Saudi Arabia, Egypt. If you aren’t there, your chances are good. That said, it’s been spotted all around.

All in all it’s definitely a cool piece of malware. It still needs to make use of some already patched vulnerabilities so make sure you’re up to date, that’s one of the only ways to ensure you aren’t infected.

Is Flame the end all be all malware? No. But it’s a nice reminder that there are people out there willing to put serious work into infecting machines.

I’ll be posting more on staying secure on Linux and Windows in the future.

Sources:

http://www.crysys.hu/skywiper/skywiper.pdf

http://technet.microsoft.com/en-us/security/bulletin/

https://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers#page_top

One thought on ““The Flame” and Why You Shouldn’t Be Scared (Or Should You Be?)

  1. I do believe all the concepts you’ve offered for your post. They’re really convincing and will definitely work. Nonetheless, the posts are very short for beginners. Could you please lengthen them a little from next time? Thank you for the post.

Leave a Reply

Your email address will not be published. Required fields are marked *