Now may be a good time to click the update button on your anti-virus software. A couple of weeks ago, while trying to locate and identify a very elusive viper/wiper program that has been infecting Iranian computers, Kaspersky Lab detected something even larger and more threatening than described. The malware, currently dubbed “Flame”, is speculated to be another step towards cyber-war.
The malware is named after a name common in its modules, “flame_props”. It has been said to be 20 times larger and more complicated than a previous cyber-war tool named Stuxnet. Stuxnet and Duqu were two of the cyber-war weapons that were launched around 2009 and 2010. Both were considered monsters of their time. Stuxnet apparently took Kaspersky Lab at least half a year to analyze, and it may take at least 10 years to bust Flame open. These pieces of malware ran rampant on Iranian computers and sought to gather data and destroy infrastructure.
Flame has been recorded infecting several countries in the Middle East, with Iran as the leading target. The size and scope of Flame’s targets seem to indicate that this is yet another government-backed cyber assault, with espionage as its goal. Flame has been reported to be gathering data and even deleting data from target systems. Even the spread of the malware is well controlled, and it remained undetected for 2 years and maybe even longer. The scope of the attack and its similarities to Stuxnet rule out independent acts by cyber criminals.
According to Kaspersky’s statement, Flame infects its targets by installing a small compressed file onto the drive, then downloads and deploys up to 20 modules that allow the attacker to perform several tasks, taking virtual control of the affected systems. The total size of the toolkit reaches 20 MB, compared to the 500 KB of Stuxnet. The plug-ins can be deployed and turned off at will by the attacker, including well-controlled deployment onto USB hosts, making the malware harder to detect. It even has the ability to completely wipe itself from a computer, making it still more difficult for large anti-virus firms like Kaspersky Lab to detect and analyze. Someone is definitely at the steering wheel of this ride. Flame is malware that has grown exceedingly complicated compared to its predecessors. Who knows how many more of these are in the wild, still running undetected?
So what can this malware do? Nearly every recording and data-gathering capability of your computer is at its disposal. Kaspersky Lab reports that Flame can effectively use your computer’s microphone to record conversations. It can view your keystrokes. It can browse all your data and communications on the internet. It can even use your computer’s Bluetooth device to access other devices within its coverage, gathering personal information like names and phone numbers. It can choose whom to infect and when the best time to strike is. It has all the makings of an espionage tool. No wonder Kaspersky Lab thinks this may very well be one nation’s attack upon another.
This poses a threat not only to the infected countries, but also to other countries that may one day fall on the attacker’s radar. Some can only cry out about the legality of these attacks, as these are basically government-approved cyber crimes. For this incredibly powerful malware to fall into the wrong hands would be disastrous for the whole internet community. Privacy has become a very sensitive term on the internet, and this privacy may soon no longer be in our control if tools like this can be deployed and run undetected for many years. If the government can get away with attacking industries for their data, what is stopping them from spying on each and every one of us, regardless of their reasons?