
Flame Virus (Worm) – Some good resources to read to know more

Many of us might be familiar with Stuxnet, a major worm that was discovered in an Iranian nuclear facility. More recently, news of another major worm called Flame, discovered in Iranian oil companies, has hit the headlines. While Stuxnet was about 500 KB in size, the new worm is around 20 MB when all its modules and libraries are installed on a system. Let us find out what makes the Flame virus (worm) part of the newly developing trend of cyber warfare. Links to some major news sources where you can read more about Flame are also included in this article.

What are the reported capabilities of the Flame virus so far?

  • Turns on the microphone to listen to conversations around the computer/laptop
  • Can listen to communications over online messengers/Skype
  • Steals contact information/phone numbers from Bluetooth-enabled devices in the vicinity
  • Takes frequent on-screen snapshots of all activity on an infected machine
  • Can install keyloggers and other malicious software on an infected machine
  • Can discover usernames/passwords and sniff network traffic to gain administrative access to important systems on a network

It seems that Flame connects to a command-and-control server via a secure SSL channel to send information and receive commands. Hence, it does not act/spread automatically (unlike Stuxnet). Read more in this interesting article about Flame on wired.com: ‘Meet Flame – The massive spy malware infiltrating Iranian computers’.

Flame uses a programming language called Lua, which is the language used to create games like Angry Birds. Besides the observation that very few malware programs used this language, the virus also seems to be too big (a hundred times the size of most other malicious software on the net). Is this an indicator of amateur coding, or is this really cyber warfare? Read ‘Was Flame virus written by gamers? Code is similar to apps such as Angry Birds’ by dailymail.co.uk.

Even though the code seems to have been written by amateurs, is the choice of programming language and file size a deliberate attempt to divert the attention of security companies? Also, Lua is a fundamental part of a hacker tool called Nmap, says the article ‘Was Flame virus written by cyberwarriors or gamers?’ by redtape.msnbc.msn.com.

The article ‘The Flame Virus: Spyware on an unprecedented scale’ by readwriteweb.com has a table comparing the Flame and Stuxnet worms, made by CrySyS at the Budapest University of Technology and Economics.

‘Flame virus spread through rogue Microsoft security certificates’, says news.cnet.com

Cyber warfare is not a one-sided affair. Code can always be reverse engineered by victim nations and sent back to attack the perpetrators. Any country (especially a developed nation that uses the Internet extensively) is susceptible to cyber warfare, and it is extremely cost-effective when compared to other modern warfare techniques, notes this brilliant article, ‘Super virus Flame raises the cyber war stakes’, on money.cnn.com.

excITingIP.com
