5,000 is the approximate number of computers infected in at least seven Middle East countries with the Flame (a.k.a. Flamer or sKyWIper) virus. Flame’s capability is to basically turn anyone’s computer into a double-agent — yes, like a whole lot of malware out there we don’t make a big deal about. “It covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, wifi, Bluetooth, USB and system processes,” wrote its Hungarian discoverers a couple of weeks ago.
So, one can imagine this thing using your computer as a spy camera and audio recorder (and e-mail monitor, etc.), dumping the info into a local SQL store until a good time to piggyback the data out on some other data stream to a remote command and control server, itself hidden through a variety of methods. And then doing it again and again, all while spreading to more computers.
Of course, now that it’s been detected and we’re talking about it, it’s basically worthless. Microsoft released an update two weekends ago shutting it out of all Windows systems (which were its targets) and most any anti-virus software will catch it easily. But something even bigger than Flame is surely out in the world right now, collecting information and probably doing way more than that. Why is it possible that a boss-level Stuxnet/Flame virus is cruising around? Well, it’s suggested by where the Flame virus came from.
Meet Resource 207, a plugin for Flame also used in earlier versions of Stuxnet. This connecting-the-codes comes courtesy of security firm Kaspersky Lab, which announced it a couple of hours ago. According to Kaspersky, “This means that when the Stuxnet worm was created in the beginning of 2009, the Flame platform already existed, and that in 2009, the source code of at least one module of Flame was used in Stuxnet.” And we know that Stuxnet was a U.S. cyber-warfare program. So there you go.
It’s that connection that implies that the U.S. deployed Flame as a massive-scale spying program, presumably targeted at Iran (where most of the infections have been found). There’s still a lot to untangle about Flame; it is, after all, the most complex piece of malware ever detected. And there is also the next, bigger and badder thing, a couple years — probably less — down the road. And then after that. Eventually, we’ll find something amazing and dangerous on U.S. computers, if we haven’t yet. And then, more escalation and even more, until what? Nothing good.
Reach this writer at email@example.com.