“The sophistication and modularity of these two pieces of malware show us that highly competent individuals, possibly backed by governments, are involved” said Garth Brown, president of the Semaphore Corporation, a Mercer Island, Washington-based VAR. “The days when security threats were mostly coming from kids are now over. I expect to see an uptick in security spending, which until now, has usually happened only by the companies that get hit. As an industry, we haven’t had the right mindset. Hopefully, this changes that.”
Considered one of the most advanced pieces of malware ever discovered, Flame can upload a wide range of computerized information to command-and-control servers. It can also inject code, download additional malware, copy itself, delete itself and conduct a number of other operations, backed by complex encryption. It was also able to leverage unauthorized digital certificates to make itself appear to be a Microsoft update until Microsoft patched that vulnerability last week.