U.S. companies, government not likely burned by Flame
Hope is security vendors, enterprises will get beyond panic and use the Middle East-focused malware as a teachable moment
May 31, 2012 — CSO — U.S. companies and government entities probably don't have to worry about being burned by Flame, the super Trojan discovered several days ago by Moscow-based Kaspersky Lab and described by some analysts as the most sophisticated Advanced Persistent Threat yet encountered.
But that does not mean they shouldn't be worried. The likely reason they haven't been hit is that they are not targets. Flame's major targets were Iran, Israel and other areas of the Middle East. Mikko Hypponen of F Secure, in a Q&A blog post, wrote: "Are you a systems administrator for a Middle Eastern government? No? Then no ... you aren't at risk."
There is also the fact that it is an espionage tool, and was only useful while it remains a secret. Now that it is compromised, it is essentially out of business.
Still, the discovery of Flame (some are calling it SKyWIper) long after it was created -- some reports say it has been in existence since 2010, and others say it may go back as far as 2007 -- means there may be others like it out there in the wild, still undetected and siphoning crucial and confidential data from American firms and government entities ranging from elected officials to law enforcement and the military.
Gary McGraw, CTO of Cigital, said he hopes security vendors and enterprises alike will get beyond the panic and hype and use the discovery of Flame as a teachable moment.
"Every once in a while a security disaster sticks up like the top of an iceberg," he said. "That's an opportunity to teach people how to do it right. When I talk about this, I try to bring it back around to what is the root problem, which is that we're relying on systems that aren't secure. The only way to deal with it is to build software that doesn't suck."
No, he doesn't mean it is possible to build software that is impenetrable. "You're probably not going to be able to defend yourself against the U.S. government," he said, "but we're still a long way from making it no longer [financially] feasible," for the average cybercriminal to invade networks.
By now, there is general agreement on the basics about Flame. It is big -- very big. At 20MB, it is 20 times the size of the Stuxnet virus. It has multiple capabilities. They include, according to a McAfee blog post, everything from scanning network resources(to stealing information, communicating to C&C Servers over SSH and HTTPS protocols, detecting more than 100 security products (antivius, anti-spyware, etc.), creating screen captures (and recording voice conversations.