Avoid Getting Burned by Flame Malware
By Jennifer LeClaire / Enterprise Security Today
Published: May 31, 2012

The incredibly sophisticated and dangerous Flame virus has already been responsible for impacting the oil industry and spying on Mideast computers. But what happens if it spreads even further, and who is to blame? Researchers are still looking for clues, but few are surprised by the outbreak.

Last week, McAfee -- which bills itself as the world's largest dedicated security technology company -- released its first-quarter 2012 threats report, highlighting an increase in malware across all platforms. The report shows that, in the first quarter, PC malware reached its highest levels in four years, with a steep increase in malware targeting the Android platform. Mac malware was also on the rise, indicating that total malware could reach the 100 million mark within the year.

"In the first quarter of 2012, we have already detected 8 million new malware samples, showing that malware authors are continuing their unrelenting development of new malware," said Vincent Weafer, senior vice president of McAfee Labs.

A U.S. Threat?

It appears that the Flame virus, which has been topping news reports for the past week, may have been used for espionage in the Middle East for years. Iran has disclosed that Flame infected computer systems controlling the flow of oil in that country, and it was forced to cut Internet links to its main oil export terminal to try to contain the virus.

The virus appears to be the work of a well-funded organization, possibly a national government. It is reportedly capable of logging keystrokes, taking screenshots, using a computer's audio system to listen in on conversations or Skype calls, and even tapping into nearby Bluetooth-enabled cellphones.

We caught up with Neil Roiter, director of research at Corero, about Flame. He told us Flame is remarkably sophisticated and can be used against a variety of targets.

"Learning that Flame has been in use for two years, perhaps longer, underscores concerns that similarly complex malware could be directed against U.S. companies, institutions and government agencies," he said.

"Organizations should not be lulled by the fact that this particular malware has been used against selected targets -- primarily in the Middle East," Roiter said. Instead, they need to "increase vigilance in network monitoring and analysis to detect anomalous, surreptitious activity within their perimeters."

Keeping a Low Profile

We also asked Gunter Ollmann, Damballa's vice president of research, for his insights on Flame. He cautions our readers against some of the leaps people are making about where the threat is coming from. As he sees it, the actors behind this threat have successfully managed their targets and victims, keeping a low profile and not going for the masses or complex setups.

"The collection of files doesn't point to anything not already seen in most common banking Trojans or everyday hacking tools," Ollmann said. "This doesn't make it less dangerous, it reflects the state of malware development -- where 'advanced' features are standard components and can be incorporated through checkbox-like selection options at compile time."

Protecting Against Flame

Troy Gill, a security analyst at AppRiver, offers some wisdom in the form of dos and don'ts when dealing with the likes of Flame. For example, Gill said busy network admins should keep up-to-date with the organization's disaster recovery plan, keep systems upgraded and give employees access only to the information that's required to perform their jobs.

"Know your employees and educate them. So many employees are unaware of the threats that are out there. Take the time to educate them on these threats," Gill said. "The use of a reliable Web filter can block malicious Web pages when an unknowing victim is attempting to access them. Many of these infections lay in wait on trusted Web sites that would ordinarily be harmless."
