Flame 'first Windows-based malware ever observed to use Bluetooth'

malware keyboard security bug virus

Despite all the hype I've complained about these last few days regarding Flame, there is some interesting research from the vendor community worth noting here, including the malware's affinity for Bluetooth.

Symantec sent me the details in an email last night. Among other things, their researchers have learned that Flamer is "potentially the first Windows-based malware ever observed to use Bluetooth." Why exactly the attackers built this functionality into the threat is still a mystery, but three theories have emerged as a result of Symantec's technical analysis:

1. To map infected users' social and professional circles by cataloguing the various other Bluetooth-enabled devices encountered.

2. Identify the physical locations of infected users to determine their proximity to high-priority targets, whether those targets be other individuals or computing systems.

3. Target other Bluetooth devices within range to steal information off them, us them to eavesdrop or leverage their data connections to exfiltrate already-stolen data.

"Though the precise intentions of including Bluetooth connectivity into the threat's code cannot yet be determined, these three plausible scenarios further confirm Flamer's sophistication as an advanced espionage tool," Symantec said.

Back to the hype aspect of this: Now that we've had a few days to look at this monster piece of malware, some security researchers are telling the world to calm down and not panic over it.

My old friend Dave Marcus, security research director for McAfee, told the V3 tech site: "The short answer is, if you are worried about Flame make sure your anti-virus is updated and you are operating with best practices. "Quite honestly, unless you are an administrator at a Middle East energy facility, you do not have a lot to worry about."

Our own Taylor Armerding got similar feedback yesterday:

Gary McGraw, CTO of Cigital, said he hopes security vendors and enterprises alike will get beyond the panic and hype and use the discovery of Flame as a teachable moment.

"Every once in a while a security disaster sticks up like the top of an iceberg," he said. "That's an opportunity to teach people how to do it right. When I talk about this, I try to bring it back around to what is the root problem, which is that we're relying on systems that aren't secure. The only way to deal with it is to build software that doesn't suck."

It seems that sanity might prevail.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Healthcare records for sale on Dark Web