Since Monday, media worldwide have been raving about the new malicious software called "Flame," or Worm.Win32.Flame. The reports laud Flame as the most sophisticated piece of cyber espionage code ever devised, saying that the complexity of the virus and the range of the strike "must" mean this malware attack was a government-funded operation.
Iran, which was Flame's prime target, admitted that its computers took a significant hit and that "large amounts of data were corrupted and lost." It was also quick to blame Israel for the cyber-strike, saying that, "Top Israeli officials all but admitted that they have created the most complex spyware in history."
Tehran also said that even though the malware was able to crack over 43 different virus protections, its experts have already been able to analyze and block the attack.
More recent opinions, however, say that Flame will take a long time to dissect. Leading publications such as the British magazine The Register and the US-based PC World Magazine called Flame "a media hype," citing a spokesperson for anti-spyware software company Webroot as saying that "The underlying threat has been known since 2007."
Whether connected to previous "Stuxnet" and "Duqu" attacks or not, whether as sophisticated as claimed to be or not, and whether government funded or not, Flame has penetrated highly secure computer systems and sent out large amounts of what is most likely very sensitive information.
A worm on a mission
Flame is essentially a "worm": a worm differs from a computer virus in that it is designed to track and send specific information back to its operator. A computer virus, on the other hand, is designed to perform specific actions on the host.
Worms are characterized as relatively small pieces of code which exploit specific weaknesses in the host's operating system in order to penetrate and infect that host. The worm runs as part of an infected process already known to the host, which makes it both difficult to detect and legitimate in the eyes of the host.
General malware is designed to infect and attack any host it can. As such, it has certain characteristics that make it relatively easy to detect by good antivirus software. Target-specific malware is designed to home in on specific hosts and is usually created with enough intelligence to know the target's defensive weaknesses. As Flame has proven, it is a target-specific worm.
A huge advantage, so to speak, of target-specific malware is that it does not need to infect multiple hosts in order to do its job, and therefore it is virtually impossible to detect by ordinary antivirus software. The only chance the "victim" has of detecting a target-specific worm is by good use of Anomaly Detection Systems (ADS).
These systems may detect anomalies in web traffic and alert the cyber security team, which in turn should initiate an investigation, hopefully leading to the worm's detection and removal. This type of cyber security, however, requires huge spending and is rarely implemented correctly.
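The following is an added example, not code from the original article or from any product it mentions, of the kind of check an anomaly detection system performs on outbound traffic: it builds a per-host baseline of bytes sent per hour and flags any hour that sits far outside that baseline, which is the signal that would prompt the investigation described above. All host names, addresses and byte counts are constructed sample data.

```python
"""
Added example, not part of the original article: a minimal anomaly
detector over constructed outbound-traffic flow records. It learns a
per-host baseline of bytes sent per hour and flags hours whose volume is
far above that baseline. Every host, address and byte count below is
constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed flow records: (host, hour_of_day, destination, bytes_out).
SAMPLE_FLOWS = [
    # ws-101: quiet workstation, then a large burst to one external address.
    ("ws-101", 0, "10.0.0.5", 1200), ("ws-101", 1, "10.0.0.5", 1500),
    ("ws-101", 2, "10.0.0.5", 1100), ("ws-101", 3, "10.0.0.5", 1400),
    ("ws-101", 4, "10.0.0.5", 1300), ("ws-101", 5, "10.0.0.5", 1250),
    ("ws-101", 6, "198.51.100.7", 20000), ("ws-101", 6, "198.51.100.7", 28000),
    # ws-202: steady traffic with ordinary jitter, nothing to flag.
    ("ws-202", 0, "10.0.0.5", 900), ("ws-202", 1, "10.0.0.5", 950),
    ("ws-202", 2, "10.0.0.5", 1000), ("ws-202", 3, "10.0.0.5", 1050),
    ("ws-202", 4, "10.0.0.5", 980), ("ws-202", 5, "10.0.0.5", 1010),
    ("ws-202", 6, "10.0.0.5", 990),
    # ws-303: too little history to build a baseline from.
    ("ws-303", 0, "10.0.0.5", 500), ("ws-303", 1, "203.0.113.9", 30000),
]


@dataclass
class Anomaly:
    host: str
    hour: int
    bytes_out: int
    zscore: float


def hourly_volumes(flows):
    """Sum bytes_out per (host, hour); several flows in one hour form one sample."""
    totals = defaultdict(int)
    for host, hour, _dest, nbytes in flows:
        totals[(host, hour)] += nbytes
    per_host = defaultdict(dict)
    for (host, hour), total in totals.items():
        per_host[host][hour] = total
    return per_host


def detect_anomalies(flows, threshold=3.0, min_ratio=2.0, min_samples=4):
    """Flag (host, hour) samples whose volume is more than `threshold`
    standard deviations above, and at least `min_ratio` times, the host's
    baseline. The baseline for each hour is built from the host's *other*
    hours (leave-one-out), so a single huge burst cannot inflate the
    deviation it is compared against. Hosts with fewer than `min_samples`
    other hours are skipped rather than judged on noise."""
    findings = []
    for host, hours in sorted(hourly_volumes(flows).items()):
        for hour, volume in sorted(hours.items()):
            others = [v for h, v in hours.items() if h != hour]
            if len(others) < min_samples:
                continue  # not enough history; such hosts need a fleet-wide baseline
            base_mean = mean(others)
            base_sd = pstdev(others) or 1.0  # floor so a flat baseline still scores
            z = (volume - base_mean) / base_sd
            if z > threshold and volume >= min_ratio * base_mean:
                findings.append(Anomaly(host, hour, volume, round(z, 1)))
    return findings


if __name__ == "__main__":
    for a in detect_anomalies(SAMPLE_FLOWS):
        print(f"{a.host} hour {a.hour}: {a.bytes_out} bytes out (z={a.zscore}) -> investigate")
```

Run as-is, the detector reports only ws-101 at hour 6; ws-202's jitter stays under both the deviation and the ratio thresholds, and ws-303 is skipped because two hours of history are not a baseline. The leave-one-out baseline is the deliberate design choice here: compared against a baseline that includes the burst itself, a lone outlier would raise the standard deviation enough to hide its own score.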
Iran's brush with "Duqu" and disastrous encounter with "Stuxnet" prove that the Islamic Republic is, indeed, lacking in that department.
The bad news is that like any other security system, cyber security systems can always be penetrated with the right amount of resources, making any computer system – even those on a state level – vulnerable to cyber-attacks.
Interpol estimated recently that some 10,000 cyber attacks occur in Israel every minute, but while terrorists and criminals are quick to utilize new technologies to carry out such attacks, about 80% of online violations are committed by crime organizations – not terrorists.
The good news is that your personal computer and business network are most likely not the target of government-funded target-specific malware. Just don't forget to update your antivirus program.
Assaf Turner is an information and physical security expert and the CEO of Maya Security