

New Worm Challenges Information Security Industry

By Ken Presti
May 29, 2012    7:42 PM ET


The information security industry is now focused on a new attack vector that seems like it might be modeled on the Stuxnet worm, discovered in June 2010, and the Duqu worm, which was identified last September.

The new threat is known by a number of different names, including “Flame,” “Viper,” and “Skywiper.” It was found over the weekend in the Middle East, most notably used against Iran. While there is widespread speculation that this development represents some sort of state-on-state attack, the validity of this theory is far from proven.

The worm’s capabilities are quite extensive, and full investigation is likely to go on for months. But known capabilities include information theft, the ability to detect more than 100 security products, the ability to scan network resources, and the functionality to read screenshots and record voice conversations. It communicates with its command-and-control servers over the SSH and HTTPS protocols.


“The thing that jumps out at me the most is the amount of encryption,” said Dave Marcus, director of advanced research and threat intelligence at McAfee. “There are a lot of similarities with other attacks, but the level of encryption that went into this one is significant.”

While Flame does not appear to be an imminent threat to corporate networks outside the Middle East at this point, Marcus added that some of its functionality might reappear in other forms.

“The long-term concern is that malware writers tend to co-opt each other's code,” Marcus said. “The code used in Flame is particularly modular, so long-term this will have effects on other malware because they will be able to drop modules from this worm into new attacks.”

The level of encryption does not appear problematic to Vikram Thakur, principal security response manager at Symantec. “We can decrypt and understand this,” he said. “It just takes more time to do so.

“We have a pretty extensive understanding of what Flamer does. The part that we’re missing is how it does certain things, but I think we will be able to figure out those things, as well.”
