Published on June 1, 2012
The recent discovery of the Flame malware (also called Flamer and,
under several spelling variants, Skywiper) has raised questions both
about this particular piece of malware and about the state of digital
security overall. Although the (apparently targeted) threat of Flame
has largely been neutralized, doubts linger about the ability of
companies, and even nations, to keep their networks secure.
Flame is large as malware goes, at about 20MB. It has a modular
architecture with a number of capabilities, including detecting and
activating audio recording devices, capturing screenshots, extracting
passwords and more, and it targets Windows Vista and 7 systems.
But it is not widely spread: it is highly targeted, with most
infections located in the Middle East and Eastern Europe, and the
latest count stands at roughly 1,000 infections in total. The country
with the most instances is (perhaps not surprisingly) Iran, which was
also targeted by the Stuxnet and Duqu worms. Flame is controlled
remotely through command and control (C&C) servers,
but as InformationWeek notes ("Flame FAQ: 11 Facts About Complex
Malware"), "an analysis of one of Flame’s DLL files…found that all the
C&Cs seem offline or sinkholed now. Sinkholing refers to a technique
used by security researchers to redirect botnet communications, thus
allowing them to study infections."
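To make the sinkholing idea concrete, here is a small added example (written for this page, not code from InformationWeek, from any Flame analysis, or from any sinkhole operator). It models the two halves of the technique: a resolver override that answers known C&C hostnames with a researcher-controlled address instead of the real server, and a tally over the access log of that research host that counts how many distinct infected machines are checking in. The hostnames, IP addresses and log lines are all constructed and hypothetical; Flame's real C&C names are not on this page and are not used here.

```python
"""Minimal DNS-sinkhole model: answer known C&C names with a research host,
then count the infected clients that subsequently check in to it.

Added example for this page. Hostnames, addresses and log lines are
constructed and hypothetical, not taken from any Flame analysis.
"""
from collections import defaultdict
from ipaddress import ip_address
from typing import Dict, Iterable, Optional, Tuple

# RFC 5737 documentation address standing in for the researcher's sinkhole host.
SINKHOLE_IP = "192.0.2.10"

# Hypothetical C&C hostnames assumed to have been pointed at the sinkhole.
SINKHOLED_DOMAINS = {"update-check.example.net", "cdn-sync.example.org"}


def resolve(name: str, upstream: Dict[str, str]) -> str:
    """Resolver with a sinkhole override.

    Names in SINKHOLED_DOMAINS never reach the real C&C address; every other
    name is looked up in a stub upstream table (a missing entry is reported
    as "0.0.0.0", standing in for NXDOMAIN).
    """
    name = name.rstrip(".").lower()  # normalise trailing dot and case
    if name in SINKHOLED_DOMAINS:
        return SINKHOLE_IP
    return upstream.get(name, "0.0.0.0")


def parse_checkin(line: str) -> Optional[Tuple[str, str, str]]:
    """Parse one sinkhole access-log line of the (constructed) form
    '<ISO timestamp> <client ip> <requested hostname> <http path>'.

    Returns (timestamp, client_ip, hostname) or None for malformed lines,
    including lines whose client field is not a valid IP address.
    """
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, host, _path = parts
    try:
        ip_address(client)
    except ValueError:
        return None
    return ts, client, host.lower()


def tally_infections(lines: Iterable[str]) -> Tuple[Dict[str, int], int]:
    """Count distinct infected clients per sinkholed hostname and overall.

    A client that polls repeatedly, or that contacts more than one C&C name,
    is still a single infection in the overall count. Requests for hosts that
    are not sinkholed (stray traffic) are ignored.
    """
    per_host = defaultdict(set)
    for line in lines:
        rec = parse_checkin(line)
        if rec is None:
            continue
        _ts, client, host = rec
        if host in SINKHOLED_DOMAINS:
            per_host[host].add(client)
    all_clients = set().union(*per_host.values()) if per_host else set()
    return {h: len(c) for h, c in per_host.items()}, len(all_clients)


# Constructed sample log: one client polling twice, one client contacting
# both C&C names, one client hitting a single name, one unrelated request,
# and one unparseable line.
SAMPLE_LOG = [
    "2012-05-30T08:01:12Z 203.0.113.5 update-check.example.net /ping",
    "2012-05-30T08:06:12Z 203.0.113.5 update-check.example.net /ping",
    "2012-05-30T08:07:40Z 203.0.113.9 cdn-sync.example.org /get",
    "2012-05-30T08:09:03Z 203.0.113.9 update-check.example.net /ping",
    "2012-05-30T08:11:55Z 198.51.100.7 cdn-sync.example.org /get",
    "2012-05-30T08:12:00Z 198.51.100.8 www.example.com /index.html",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print(resolve("UPDATE-CHECK.example.net.", {}))
    print(tally_infections(SAMPLE_LOG))
```

Running the block on the constructed log reports two clients per sinkholed name but three infected machines in total, which is the distinction a researcher cares about when an infection contacts several C&C names in turn.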
To read further, please visit the Data Center Journal