TECHNOLOGY SPECTATOR: How bad is the Flame virus?
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter verification code' }}
{{ completedStep1 ? 'Authentication & Security' : content.trialHeading.replace('{0}', user.FirstName) }}
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Verify your email address by clicking on the link we sent to {{user.Email}}
- You now have free access, we look forward to helping you on your financial journey.
The media has gone crazy about the Flame worm which has been seen infecting computers in the Middle East (Iran, in particular). However, are the news headlines doing a good job of educating the public about the seriousness of the incident?
Flame has been called "the most complex threat", the world's "most sophisticated cyber weapon", and we've even been told it's "much bigger than Stuxnet".
But what does that actually mean? Yes, Flame is bigger than Stuxnet, if you're counting bytes. Flame, with all of its modules and libraries, can come in at close to 20MBytes. That's about 40 times larger than Stuxnet – which was itself portly by malware standards. So, yes, Flame is much bigger.But my guess is that number of bytes wasn't what you were thinking of when you read the headline.
 After all, as we should always remind ourselves, size doesn't matter. What matters to most computer users is whether they are likely to become infected by the malware or not, and how many computers it has infected.
Kaspersky, which made the biggest media splash regarding Flame has only discovered a few hundred computers infected by the malware.
That's not that big. In fact, it's pretty insignificant when you compare it to the 600,000 Mac computers which were infected by the Flashback malware earlier this year. There were reportedly  274 Flashback-infected computers in Apple's home town of Cupertino alone – that's more infections than there have been found of Flame in all of Iran!
And let's not forget other malware outbreaks of past years - Conficker, Sasser, Sobig, Code Red – all much more significant in terms of number of infections than Flame.
20MB is a hefty piece of code by malware standards, there's no doubt about that - even if much of it is made up of code libraries.
But it's worth realising that it's much, much easier writing protection for a piece of malware than analysing what it actually does.
A complex examinationÂ
What's going to take a while is dissecting Flame to find out all of its quirks and functionality, not protecting against it. When you hear anti-virus experts talk about Flame's complexity, chances are that that's what they're referring to.
Because, at its simplest level, Flame isn't doing anything different from the vast majority of other malware we see on a typical day.
Every day, we see approximately 100,000 new pieces of malware and most of them have the ability to steal information (by grabbing keypresses, taking screenshots, stealing your files) just like Flame.
Of course, Flame doesn't really represent much of a threat anymore. Every anti-virus worth its salt (and even a few crummy ones I expect) now detect it and protect against it.
Whoever was behind it will likely be feeling pretty grumpy, or working hard on a new version which they hope will be able to skirt past defences.
So let's keep things in perspective. Chances are that your computer is more at threat from some of the many other examples of malware that are in existence out there.
Furthermore, you shouldn't need to be doing anything out of the ordinary to protect against these threats - keep your anti-virus and security patches up to date, take care over what software you install and the USB sticks you insert into your PC, run a layered defence inside your organisation. You know the drill by now.
I'm not saying that Flame isn't newsworthy. It clearly is.
Sparking the 'Flame'
If I was a betting man, I'd probably put money on a state agency being involved in the creation of Flame. This seems to be being reported as fact, but there certainly isn't any proof yet.
Not that the absence of evidence will stop some of the reports - after all, Flame has all the familiar ingredients to add to the ongoing narrative of how states could be using the internet to spy upon each other.
The Laboratory of Cryptography and System Security at the Budapest University of Technology and Economics has published an indepth analysis on the malware, which it has named "Skywiper".
CrySyS's 63-page PDF report says that it began to analyse the malware earlier this month, and hypothesises that it was "developed by a government or nation state with signigficant budget and effort, and may be related to cyber warfare activities."
However, that's nothing we haven't heard before, and it's hard to think of anything new typical computer users should be doing to protect themselves.
Graham Cluley is a senior technology consultant for Sophos and a writer for Sophos Security blog. See his profile and his other work here.Â
Call 1300 880 160
Start a chat
Schedule a call
