New Cyber Threat: Flame/Flamer/Skywiper Virus

Over the weekend, reports surfaced about a new piece of malware called Flame (some call it Flamer, and others call it Skywiper). Within a short period of time, all the top antivirus vendors, for example Symantec, Kaspersky, and McAfee, published information on this malware. So far, this virus has been found to affect Windows machines, and it has been detected mostly in the Middle East.

The details of this threat, despite the scrutiny, are not 100% clear. What is known is that it is 20 MB, a huge size for a threat. It is so large because it has many different modules. The sheer size means that it will likely take antivirus vendors a long time to fully analyze Flame.

This threat spreads by infecting the autorun.inf file on a USB stick. When that USB stick is inserted into a computer, that computer becomes infected.

What worries people the most about this threat is its capability. Some activities that Flame can accomplish include exploring nearby Bluetooth devices, reporting on network resources, and taking screen captures. It then transmits this captured information out to a host. The communication also goes both ways, as the host can give Flame directions on what to do next. One may think that we can detect the origin of this worm by following where the stolen data gets transmitted. However, it's not that easy. With the use of proxy servers, it's fairly easy to hide the traces. In fact, right now researchers are still not sure who may be behind the Flame worm. The only thing people agree on is that, due to the complexity of the worm, this is likely the work of an organization, possibly state-backed, though there is no concrete evidence of this.

How can you protect yourself from this? All major antivirus vendors say that their products can catch and remove the Flame worm. So it appears that if you have antivirus software installed on your machine, you are safe.