Is the hype surrounding Flame blazing a FUD-fueled trail of panic?

Is the hype surrounding Flame blazing a FUD fueled trail of needless panic? (Img: Kaspersky)

Over the holiday weekend, security researchers started buzzing about a new piece of malware discovered in Iran. As the firms dig deeper in to the code, speculation has caused a flood of sensationalistic headlines in the news. Is all the hype worth it?

Flame (a.k.a. Flamer or SkyWIper), gained traction after Iran’s CERT (MAHER) identified it as the source of a series of cyber attacks against their energy sector. As such, they called it a direct continuation of the Stuxnet and Duqu attacks.

Additional information, in the form of a massive report from CrySys Lab [PDF], a Hungarian security team, outlined the operational features of Flame, including the ability to scan network resources, copy information and transmit it to a pre-determined source, AV detection (it scans for more than 100 security applications), and propagation via USB or LAN.

Flame appears to have remained hidden for some time, going undetected since its development in 2010. However, Webroot, another security firm working on better understanding its mechanics, said that they were detecting it as early as 2007.

Moreover, the fact that it can infect Windows XP, Vista, and Windows 7 platforms, has led some researchers to speculate that there is an unknown vulnerability being exploited in the wild.

“Analysis shows this to be an extremely stealth-like attack that appears to be benign, however deeper inspection reveals cleverly concealed malicious functionality,” Symantec said in a statement.

“The threat may also have the ability to leverage multiple known and patched vulnerabilities in Microsoft Windows, in order to spread across a network.”

To date, Flame has been detected in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt. The purpose, yet another throwback to Stuxnet and Duqu, is to collect information on the operations within the areas where it was discovered.

Major security firms such as Kaspersky, Symantec, and McAfee published their individual initial findings on Monday, mostly forming the same conclusions; Flame appears to be a directed weapon, and according to Kaspersky Labs, it is “one of the most complex threats ever discovered.”

“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, said in a statement. “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”

So is all the hype around Flame worth it? Not according to Marcus Carey, a security researcher for Rapid 7, who is not only skeptical about the “worst ever” claims being made about Flame, he is hesitant to even buy into the claims that it is state sponsored malware.

“This new ‘discovery’ shouldn't change the day-to-day lives of security operations professionals,” he said.

“None of the methods of this malware are particularly new. I've seen an emphasis on Lua being something that makes this exploit kit something new, but the fact is that penetration testers have been using tools that heavily leverage the Lua programming language for the last couple of years. In software development it is common to re-use software to meet various goals. It doesn't make much sense to re-invent the wheel, so attackers, including 'state sponsored' use readily-available exploits and frameworks to meet their objectives.”

Another disturbing trend he has observed is the emphasis on if there is a zero-day vulnerability being used by Flame. The question that needs to be asked, he explained, is whether the tool works. “Effectiveness is the only thing that matters,” he explains.

Also, size is not an indication of advancement. Another aspect of Flame that has been discussed in the current news cycle is the size of the Flame malware itself – 20MB. It’s likely the largest malware sample on record with such a sinister ethos.

“Peiter Zatko of DARPA constantly reminds us that the average malware contains 125 lines of code, so I guess that anything beyond that is advanced,” Carey commented.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in photo is probably  causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a University in the UK told the BBC that it was impossible to see what other people see but that it was most […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.