GlobalSecurity.org - SITREP Situation Report | Flame virus makes great press release

Posted by George Smith on 05/29/2012 :: Permalink

Discovery of cyberwar superviruses like Flame is good for generating interest and international publicity for anti-virus firms. Therefore they will compete more vigorously in the doing of it. Which is a back-handed benefit to everyone because it will more quickly spoil cyberwar and international harassment campaigns launched by military and intelligence agencies.

On Memorial Day, Kaspersky Labs generated widespread news on the discovery of the Flame virus. Taking directly from its press release:

Kaspersky Lab announces the discovery of a highly sophisticated malicious program that is actively being used as a cyber weapon attacking entities in several countries. The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.

The malware was discovered by Kaspersky Lab's experts during an investigation prompted by the International Telecommunication Union (ITU). The malicious program, detected as Worm.Win32.Flame by Kaspersky Lab's security products, is designed to carry out cyber espionage. It can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations ...

Although the features of Flame differ compared with those of previous notable cyber weapons such as Duqu and Stuxnet, the geography of attacks, use of specific software vulnerabilities, and the fact that only selected computers are being targeted all indicate that Flame belongs to the same category of super-cyberweapons.

There are a few observations one can make from the Flame virus incident.

1. It would appear you can hide your malware longer if it is designed to specifically attack only pariah nations like Iran and Sudan, the latter which has nothing worth stealing by cyber-espionage, anyway. But eventually, even though it takes awhile, the virus will always screw up or splatter and wind up somewhere else. Like Hungary. Oops. Sorry 'bout that.

2. Therefore we know countries like Iran are very poor at cybersecurity. They may remain that way due to the nature of the regimes, leadership and really lousy social fit with networked computing, which is directly inimical to their interests and way of doing things. (Notorious braggarts: "The Iranian government said Tuesday it has produced an antivirus program capable of fighting what computer experts are calling 'the most sophisticated cyber weapon yet unleashed' ...)

3. Flame was probably discovered because it eventually did spread onto non-target systems in Israel or elsewhere causing unspecified problems noted by the "International Telecommunication Union."

4. Every virus worthy of a press release, discovered infecting the sensitive computers of western enemies, like Iran, is a supervirus of astounding complexity and another proof of the growing terrible menace of cyberwar.

Again, to reiterate, the publicity is a good thing because it causes anti-virus firms to compete for it. When they do so they guarantee a race to discover and devise cures for cyberweapons programmed by the military and intelligence Internet subversion and nuisance programming shops of the west. They already do the same thing for the criminal programming shops of the world and the military and intelligence nuisance Internet subversion shops of the east.

The author of this post wrote one of the first books on computer viruses and who made them. You did not.

Related: Viral advertising.

And now for today's musical and vaudeville interlude, "Rumble:"