Since March, cyberland has been seriously shaken by the discovery of a huge and powerful computer virus dubbed Flame – the most complex discovered to date. As if the 20MB size and the complexity of this malware were not sufficient to generate headlines, the fact that it surfaced in security labs in Iran, Russia and Hungary and is believed to have gone undetected for two years by Internet security and anti-malware companies is even more astounding. Here’s an overview of what has been reported and some initial responses from industry leaders.
First of all, the sheer volume of cyber attacks via the Internet is staggering. Statistics vary depending on the source, but the most reassuring suggest that a PC connected to the Internet will have between 40 and 200 minutes before an automated probe assesses its vulnerability for access. Other industry sources quote even less time. Windows users know the importance of keeping PCs updated with patches or security updates from Microsoft. Computer users also know that they need software to search for and block viruses, worms and other programs that compromise the computer and allow it to be used by a third party. We are constantly warned about the need to be proactive in protecting our email and the data stored on our PCs with the latest computer security software.
The industry that protects consumers from malware is reactive. Computer security companies find solutions when a new piece of malware appears. The good guys are always playing catch-up to stop the damage unleashed by the bad guys. As customers, we have to stay on our toes, downloading patches promptly and responding to updates and alerts.
The discovery of Flame, highly complex malware that was sufficiently smart to avoid all detection for two years, underscores the danger of this reactive response to the problem. Nobody found it, so it didn’t exist – and neither did any type of deterrent. The creators of Flame have yet to be identified, but industry experts believe something of this nature is an expensive high-end project. Some have seen similarities between Flame and Stuxnet, a worm that attacked the Iranian nuclear program. Speculation as to which government (or governments) might have developed such a tool has been rife. Stuxnet included a kill switch, which obliterated all traces of it from an infected machine; when that switch was activated, it made identification of its source impossible.
All this suggests that the Flame virus is a cyber weapon designed to steal documents, take screenshots and disable security products rather than a type of malware designed to attack individual PCs. But there have been fears in West Asia that the malware might spread to other systems. Most U.S. industry experts believe that the average PC user need not be seriously concerned because Flame appears to have had very specific targets.
However, there are overall implications for U.S. computer users and for all Internet users. This serious threat has caused the industry and its customers to rethink the current approach to security and protection. The computer industry has been thrust into a whole new world of computer security threats. Innovative methods of detecting viral patterns early are needed so that networks can be protected faster than a virus is able to replicate. The Flame virus has highlighted the deficiencies of the old reactive prototypes and has given us the impetus to develop a new approach to cyberspace safety.