Flame has already been responsible for impacting the oil industry and is credited with spying on Mideast computers. But what happens if it spreads — and who is to blame? Researchers are still looking for clues but fewer are surprised by the outbreak.
Last week, McAfee released its first-quarter 2012 threats report, which shows an increase in malware across all platforms. The report shows that in the first quarter PC malware reached its highest levels in four years and that malware targeting the Android platform increased steeply. Mac malware was also on the rise, indicating that total malware could reach the 100 million mark within the year.
“In the first quarter of 2012, we have already detected 8 million new malware samples, showing that malware authors are continuing their unrelenting development of new malware,” said Vincent Weafer, senior vice president of McAfee Labs.
A U.S. Threat?
Flame, discovered this week, may have been used for espionage in the Middle East for years. Iran has disclosed that Flame infected computer systems controlling the flow of oil in that country, and it was forced to cut Internet links to its main oil export terminal to try to contain the virus.
The virus reportedly appears to be the work of a well-funded organization, possibly a national government. It is reportedly capable of logging keystrokes, taking screenshots, using a computer’s audio system to listen in on conversations or Skype calls, and even tapping into nearby Bluetooth-enabled cellphones.
We caught up with Neil Roiter, director of research at Corero, about Flame. He told us Flame is remarkably sophisticated and can be used against a variety of targets.
“Learning that Flame has been in use for two years, perhaps longer, underscores concerns that similarly complex malware could be directed against U.S. companies, institutions and government agencies,” he said.
“Organizations should not be lulled by the fact that this particular malware has been used against selected targets — primarily in the Middle East — but increase vigilance in network monitoring and analysis to detect anomalous, surreptitious activity within their perimeters.”
Keeping a Low Profile
We also asked Gunter Ollmann, Damballa’s vice president of research, to discuss his insights into Flame. He cautions our readers against some of the jumps people are making related to where the threat is coming from. As he sees it, the actors behind this threat have successfully managed their targets and victims, keeping a low profile and not going for the masses or complex setups.