The incredibly sophisticated and dangerous Flame virus has already been responsible for impacting the oil industry and spying on Mideast computers. But what happens if it spreads even further, and who is to blame? Researchers are still looking for clues, but few are surprised by the outbreak.
Last week, McAfee -- which dubs itself the world's largest dedicated security technology company -- released its first-quarter 2012 threats report, highlighting an increase in malware across all platforms. The report shows that, in the first quarter, PC malware reached its highest levels in four years, with a steep increase in malware targeting the Android platform. Mac malware was also on the rise, indicating that total malware could reach the 100 million mark within the year.
"In the first quarter of 2012, we have already detected 8 million new malware samples, showing that malware authors are continuing their unrelenting development of new malware," said Vincent Weafer, senior vice president of McAfee Labs.
A U.S. Threat?
It appears that the Flame virus, which has been topping news reports for the past week, may have been used for espionage in the Middle East for years. Iran has disclosed that Flame infected computer systems controlling the flow of oil in that country, and it was forced to cut Internet links to its main oil export terminal to try to contain the virus.
The virus appears to be the work of a well-funded organization, possibly a national government. It is reportedly capable of logging keystrokes, taking screenshots, using a computer's audio system to listen in on conversations or Skype calls, and even tapping into nearby Bluetooth-enabled cellphones.
We caught up with Neil Roiter, director of research at Corero, about Flame. He told us Flame is remarkably sophisticated and can be used against a variety of targets.
"Learning that Flame has been in use for two years, perhaps longer, underscores concerns that similarly complex malware could be directed against U.S. companies, institutions and government agencies," he said.
"Organizations should not be lulled by the fact that this particular malware has been used against selected targets -- primarily in the Middle East," Roiter said. Instead, they need to "increase vigilance in network monitoring and analysis to detect anomalous, surreptitious activity within their perimeters."
Keeping a Low Profile
We also asked Gunter Ollmann, Damballa's vice president of research, to discuss his insights regarding Flame. He cautions our readers against some of the conclusions people are jumping to about where the threat is coming from. As he sees it, the actors behind this threat have successfully managed their targets and victims, keeping a low profile and not going for the masses or complex setups.