In the continuing saga of Iran and malware attacks, two conflicting reports have come out in the last few days regarding the malware Flame.
The first article, taken from bbc.com, suggests that the Flame worm is possibly part of a much wider "family" and is older than previously thought. It can now be traced back to 2006. Earlier in the summer, it was discovered that the Flame worm was related to Stuxnet, malware aimed at disrupting Iran's nuclear aspirations, and Duqu, another worm responsible for some data theft. According to the bbc.com article, though, Flame may also have other relatives. All of this new information is the result of a joint study between Kaspersky, Symantec, the Crypto Labs, and the UN's International Telecommunications Union. They were able to look at the servers that control Flame and have found that the worm may have three other relatives that have not been identified. In the article, Prof Alan Woodward, a visiting professor at the University of Surrey's department of computing, asserted that while many believe this malware is state sponsored, "the latest analysis showed little involvement from intelligence agents."
I discovered the second article for this entry while doing a little background research. It had just come out and gives some further insight into whether this may be state-sponsored espionage. Brian Bloom discusses a lot of the same topics as in the article above. He does, however, add the fact that the password to the server was cracked by a Kaspersky researcher, and that Flame was disguised as a content management system called "Newsforyou." This article, however, cites a Reuters quote by unnamed U.S. security officials who have said that both Flame and Stuxnet, another highly sophisticated worm targeted at Iran, were likely developed by a U.S. organization. This contradicts the first article, which tries to downplay any government involvement.
The bottom line is that whether or not this malware is government sponsored, the creators should be ashamed of the way the malware was identified. According to the bbc.com article and Prof Woodward, "Those behind [Flame] did try and destroy it. They may have known that they were about to be rumbled, but they failed at the last minute by mistyping the name of the file." This is a scary thought if it is our government behind this. To think a simple filename misspelling could bring down what many call the most sophisticated piece of malware ever. It should be interesting to see what new information Kaspersky and Symantec can obtain from their access to the server controlling this stuff, and you can be sure that as more news comes out, I will do my best to post it.