Guest Column | July 18, 2012

Why Visibility And Control Are Essential When Advanced Malware Flares


By Alfred Huger, VP of development, Cloud Technology Group, Sourcefire

It seems virtually every news source is covering the new Flame worm — a recent Google search on “Flame worm” yielded over 7 billion results. As with most press-worthy malware, much noise is being made about the complexity of this threat. It takes screen shots, logs keystrokes, monitors voice communications, and compresses and transfers that data over encrypted channels to command and control (C&C) servers. It was clearly developed by sophisticated attackers, and if you take into account that it appears to be highly targeted at computers in the Middle East and seems to be driven by information stealing rather than a monetary incentive, it is reasonable to conclude that the author is probably a nation-state.

The good news is that, from the perspective of widespread malicious intent, it is unlikely a typical user will ever be infected by Flame. In some ways, however, Flame is similar to Duqu and Stuxnet, and we’ll likely see other threats that build upon Flame or are variants of it. In addition, if you look at Flame’s base attributes, they describe dozens of pieces of malware or malware frameworks infecting millions of PCs in the wild today.