Flame Malware: A Sleeping Giant

By | Jun 5, 2012

A complex malware known as Flame has reared its ugly head and has security research firms scratching their heads with wonder, trying to find the answers to several questions. Just how long this sleeping giant has been around is not exactly known. Preliminary reports from Symantec say it may have been around since 2010, while other security research firms believe Flame has been around since 2007, freely roaming the Internet, undetected by antivirus companies.

No matter how long Flame has existed, CrySyS researchers claim it is the most sophisticated malware they have come across and quite possibly the most complex malware ever discovered, according to PC Magazine. Udi Mokady, Cyber-Ark CEO, claims this virus is 20 times more advanced than the Stuxnet computer worm discovered in 2010. Flame malware is alive and waits for directions from its master. It is waiting to be told where to go and what to do next.

Just how large is Flame malware? Dave Marcus, director of security research at McAfee, told eSecurity Planet that most malware ranges in size from 1 MB to 3 MB, whereas Flame is noticeably larger at around 30 MB. Other security research firms believe it to be the largest piece of malware they have ever analyzed, predicting it could take months to go through the whole thing. According to CNN, Alexander Gostev, Kaspersky Lab's chief security expert, predicts it may take years to complete the analysis of Flame's code because of its size and complexity. Kaspersky Lab took 6 months to analyze Stuxnet, leading some to believe it may take 10 years to completely understand Flame.

According to Dave Marcus, Flame appears to attack a specific geographical region, with little chance of it becoming widespread. This is clear with the discovery that most of the infected computers were located in Iran, with Israel running a close second. In fact, it was the Iranian Computer Emergency Response Team that alerted security research firms to this malicious code that steals information from infected computers and sends it back to a network comprising at least 10 command and control servers. It appears the original design of the malware was intended to ensure modular scalability. The writers used several different types of encryption and coding techniques with a local database built-in. This local database could potentially store information taken from handheld devices, even when not connected to the Internet. If the malware can infiltrate a handheld device while it isn't connected to the Internet, it could effectively store all the data and move it to a command and control server in the future.

Although no one seems to know who wrote the Flame code, many experts agree that a single person could not develop a malware this large and complex on her own. CrySyS researchers think Flame could be a tool of cyber warfare, but others disagree with the notion that Flame was developed by a government agency, even though Israel, the U.S., China, and Russia have the funds and the knowledge, according to Udi Mokady. Currently, Symantec's research team is attempting to trace Flame back to its origin. They are digging for any evidence that may link any threats Flame has exposed.

Even though the Flame malware is massive, the risk to most organizations appears moderate. The chance of IT departments in the U.S. encountering a Flame attack is minimal. Even if Flame malware infected your database, it probably wouldn't affect anything. Major antivirus vendors are already coming up with detection signatures to identify Flame, so keeping your antivirus software updated and making sure your employees update the antivirus software on any device they use for business should keep your database safe.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
