This week there has been a lot of hype in the media about cyber-spying malware floating around in the Middle East, but unless you’re a government official or weapons researcher over there, you’re likely not in danger of becoming infected with it.
Even so, the insidious nature of Flame (a.k.a Flamer or Skywiper) shows that the ability of hackers to infiltrate and spy upon people’s computers has been taken to the next level.
According to Kaspersky Lab, Flame is an attack Trojan that has worm-like features and is one of the most comprehensive spyware programs ever found.
“Flame/Skywiper buries itself deep in the Windows operating system, makes sure it runs upon computer startup, tailors itself to hide from specific brands of anti-virus software, turns on the computer's built-in microphone to record audio conversations, logs keyboard typing, changes the Bluetooth configuration to spy upon nearby cell phones, tablets and laptops, takes screenshots, monitors wired and wireless network activity and sends whatever information it's gathered off to command-and-control servers in a dozen different countries,” reports TechNewsDaily.
Experts believe Flame is so sophisticated that it surpasses the 2010 Stuxnet virus attack that targeted Iran's nuclear program or another infamous virus called Duqu. It has been around for the last two years and was discovered after computers within Iran's energy industry were wiped clean of data.
An agency within the United Nations put out a warning—the most serious it ever issued—that other nations face the risk of attack and that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure.
So far, security companies aren’t saying that Flame poses a risk to average Internet users. In fact, Sophos notes that the malware has only been discovered on a few hundred computers.
Yet such malware shows the challenges users and companies face every day when targeted by calculating and skillful operators. Flame, in particular, stands out due to its size and scope.
In our interview, the Director of Norton's Star Program Kevin Haley said that the Flame file is around 200MB. This makes it a much bigger file than most other malware, which is usually around a few kilobytes in size. Because of its size, Flame can be hard to detect and may trick users into thinking that it is a legitimate program.
Haley also indicated that Flame was most likely built by multiple groups of people working on it separately with the final result being a combination of all their efforts, an indication that a government institution such as Israel sponsored its development.
“It looks like it took a lot of time and resources. This probably took multiple people probably six months or more to write,” he said. “It is built so it is easy to write a new module adding functionality. They don't have to create a new malware from scratch.”
“Typically, malware doesn't take long to analyze and understand but it is an indication how complex this software is. It will take us a long time,” he said.