Flamin’ Hot Hype

By root

If you haven’t been living under a rock for the past two weeks, you have probably heard of the virus ‘Flame.’ Initially discovered in late May by Russian cyber security software company Kaspersky Lab, the virus was described as the “most complex piece of malicious software yet found.” Initial speculation pegged Flame as being as old as five years and designed to engage in “state sponsored espionage.” Yes, the speculation was pretty bad, and it didn’t help that media outlets helped spread the fear. Remembering the likes of swine flu, Kipp has been rather cynical about viral viruses. But before we go so far as to demonize the attention given to Flame, it is probably worth noting that the virus has led Microsoft to focus on strengthening the security of the Windows Update software, the software that Flame is believed to imitate in order to get installed on a computer.
Nonetheless, Kipp can’t help but wonder if the virus is indeed as dangerous as the speculators claim it is. Kipp spoke to Nicolai Solling, Director of Technical Services, help AG Middle East, to find out more about the virus.
What is the Flame virus?
The Flame virus is a relatively advanced tool set of malicious code that can be executed on a machine to gather or harvest data on a specific machine. Flame is an application that, if installed on a machine and executed, will allow the attacker to gather information on the machine.
What is the scope of the virus? Should we be worried?
As we find out more about the virus, we know the extent of its distribution is quite limited. As of last week, there are only a couple of hundred machines known to be affected by the virus. Anyone could get Flame but, as I said earlier, the number of machines affected is very low. The machine has to be exploitable for a particular vulnerability. Many organizations don’t have an environment where Flame could be installed. As long as you follow good specific security practices and have a predictable environment, there is no reason for you to be concerned about the virus.
What kind of actions can one take to protect oneself from the virus?
Currently, with what we know about Flame, I wouldn’t say the virus is anything the average user should lie sleepless at night about. Flame wasn’t as distributed as initially feared. If you are running an updated antivirus and follow the normal practices, and you make sure it is updated, you will be safe. Another thing to note is that Flame is not that difficult to remove. Of course, this leaves out some users, particularly those who use pirated software and, as such, are unable to update their software with security updates.
Do you think the attention around Flame is all hype?
Well, that depends on what angle you see it from. From a technical perspective, Flame is very intriguing as it is a rather advanced and impressive tool. If a computer was infected with Flame, the extent of information Flame would be able to pull from the computer is extensive. We haven’t seen anything like this before. On the other hand, the distribution, vulnerability and the exploitability that Flame was using may have been exaggerated. Having said that, at the time the news came out we did not know how many machines were infected or the extent of the virus. It will be interesting to see how Flame evolves. Going forward, we will see more and more advanced versions of the virus. It may have a different name but this isn’t the last ‘Flame’ we will see.
