Flame malware continues to burn

Over the past couple of years a new breed of malware has been making headlines. These new attacks are very complex, and seem to be directed at precision targets of national or military significance—suggesting that they’ve been developed by nation-states as cyber weapons. New information suggests that these threats may have been developed much earlier than previously thought, and that some of the malware attacks are still evolving and/or have not yet been discovered.

Stuxnet, Duqu, and Flame all seem to be highly sophisticated malware platforms. A coalition of security researchers has been diligently working to unravel Flame, figure out what makes it tick, and learn more about its origins and purpose. The results of the investigation are intriguing and seem to create as many questions as they answer.

According to the Flame investigation, the developers worked very hard to disguise the command and control servers as a legitimate CMS (Content Management System) platform, so that a hosting provider or a casual inspection would see nothing unusual. The data captured by Flame is encrypted on the server using public key cryptography, so that only the attackers, who hold the private key, can read it; a seized server yields only ciphertext. Your average malware developers don't generally go to such lengths to protect the stolen data, which supports the idea that Flame is not your average malware.
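The property described above, that a server holding captured data plus only a public key cannot give up the plaintext even when it is seized, as an added example in Go (not Flame's own scheme, and not code from the investigation reports): a fresh AES-256-GCM key encrypts each record and RSA-OAEP wraps that key to the operator's public key, so the server never holds anything that decrypts its own store. The names (`Envelope`, `SealRecord`, `OpenRecord`, `NewOperatorKey`) and the sample record are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the only thing the drop server keeps for one captured record.
// The server holds the operator's RSA public key but never the private key,
// so an analyst who images the server recovers nothing but these fields.
type Envelope struct {
	WrappedKey []byte // per-record AES-256 key, encrypted to the operator's RSA public key with OAEP
	Nonce      []byte // AES-GCM nonce for this record
	Ciphertext []byte // AES-GCM ciphertext with its authentication tag
}

// NewOperatorKey generates the key pair whose private half stays with the operator.
func NewOperatorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealRecord runs on the server (or the implant) and needs only the public key.
// Hybrid scheme: a random AES key encrypts the record, RSA-OAEP wraps the key.
func SealRecord(pub *rsa.PublicKey, record []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, record, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	for i := range key { // drop the plaintext key as soon as it is wrapped
		key[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// OpenRecord runs wherever the private key lives: the operator's side, never the server.
func OpenRecord(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("wrapped key was not encrypted to this private key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Constructed sample record standing in for captured data; not real Flame output.
	record := []byte("2012-05-28 host=WS-17 user=jdoe captured=screenshot.png size=48211")

	operator, err := NewOperatorKey()
	if err != nil {
		panic(err)
	}
	env, err := SealRecord(&operator.PublicKey, record) // server side: public key only
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored on server: %d-byte wrapped key, %d-byte ciphertext\n", len(env.WrappedKey), len(env.Ciphertext))

	plain, err := OpenRecord(operator, env) // operator side
	if err != nil {
		panic(err)
	}
	fmt.Printf("operator reads: %s\n", plain)

	// A seized server, or anyone without the operator's private key, gets only an error.
	analyst, _ := NewOperatorKey()
	if _, err := OpenRecord(analyst, env); err != nil {
		fmt.Println("without the operator's private key:", err)
	}
}
```

The forensic consequence is the one that matters for defenders: imaging such a server recovers the envelopes and the public key, which is enough to prove that data was collected and how much, but not what it contained.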

As interesting as the inner workings of Flame might be, the researchers uncovered some other information which broadens the malware mystery. The researchers have determined that Flame is actually only one of at least four different malware strains referenced in the command and control server code, and the other three have not yet been found.

It turns out that Flame is not the most recent of the threats managed by the Flame command and control (C&C) servers. The most recent of the threats is dubbed IP, and there is evidence that another threat called SPE is currently active in-the-wild. The researchers also determined that the malware code is still evolving, and there is a new protocol—“Red Protocol”—that is not yet fully implemented.

From a cyber security and malware forensics perspective, this is all very interesting. But, what does it mean for you?

The answer is “Possibly nothing.”

By all means, you should still have a reliable cross-device security platform in place to protect your PCs, tablets, smartphones, and any other applicable devices from malware and malicious attacks. But, these threats appear to be designed by nation-states, and targeted specifically at enemy nation-states. Unless you happen to be a nation-state, you probably have little to be concerned about.

However, as more of these sophisticated threats are discovered and reverse-engineered by security researchers, the tricks and techniques that make them tick become public knowledge. That means your average cyber criminal malware developers might learn a thing or two and apply some of the innovations from threats like Stuxnet, Duqu, or Flame in future malware attacks that are aimed at businesses and consumers.

The bad news is that these threats seem to have done a very good job of spreading stealthily and flying under the radar for quite a while before being discovered. The good news is that as the techniques are unraveled, the security vendors get to learn about them at the same time as the malware developers, so as long as you keep your security software up to date you should be reasonably protected.
