Stuxnet has Competition, Called Flame

A new virus is ravaging the developing world, and this time there are thousands infected. No, it’s not the next super-plague. But it is the most sophisticated computer worm ever detected. And it is single-handedly redefining what cyberwarfare is.

Flame is a huge virus first detected by Kaspersky Labs. It records microphone input. It takes screenshots of your desktop. It monitors Bluetooth connections and attaches to them. It saves data from files and emails. Then, when it has all that data, it uploads it to a remote server. Kaspersky called it "one of the most complex threats ever discovered," and it is running on thousands of machines throughout the Middle East, with some instances occurring in South Africa.


In case you were wondering, yes, this is a tool of cyber-espionage. The worm will even uninstall itself from machines which it doesn’t think are interesting. Or, if the machine proves to be quite interesting, a variety of plugins can be installed onto the virus for specific tasks of information gathering.

The actual code running Flame is fairly tiny: the program is just 3,000 lines, which would take an average developer about a month to write and test. The weight of the program, however, comes from the fact that the code was written in Lua. That necessitated dragging around a virtual machine, but it also meant that writing the code was far easier.

This might start a disturbing trend: creating complex viruses using next-generation computer languages that make programming complex behavior simple. Where a 20 Mb file might have seemed huge a decade ago, it is hardly worth mentioning now.

It appears that Flame was made by a different group than Stuxnet. The architecture and personality of the worm are different, and coders always have a unique signature style.

The virus seems to start its infection through a phishing attack. It uses the same flaw that Stuxnet did, a hole in the printer code for Windows. That hole has been patched, but the problem is that one infected machine on a network can spread the worm to every machine on the network, even ones that are immune to the virus.

Researchers probably won’t fully understand Flame for another year, considering that it took several months for Stuxnet, and that was 20 times smaller. Or at least, that is Kaspersky’s estimate.

Photo by: .hj barraza