Flame virus doesn't pose a risk to the public... yet
Ever since word of the Flame virus first got out the superlatives have come in thick and fast.
Analysts have competed with themselves to describe it as the most complex, the deadliest, largest and most comprehensive virus ever uncovered. In many ways it is all these things and more. But does it pose a risk to the average internet user?
The short answer at the moment is no. Whoever created Flame did it with a very specific agenda – the targeted acquisition of intelligence on very specific networks primarily in the Middle East.
While it is frighteningly capable, it is not particularly infectious. When organised criminals create malware they often try to make their product as virulent as possible. The more computers you infect, the bigger pool you get to swim in looking for ways to make money and pilfer data.
Flame is a much stealthier beast. Most likely the product of a nation state, it has been created to surreptitiously infiltrate designated networks and harvest as much data as possible without being detected. Once it is inside a system it works at a level of comprehensiveness and sneakiness that has rarely been seen before. But in the two-five year period Flame is thought have been in existence, it has infected hundreds of computers in the Middle East, not millions of computers worldwide.
Flame could become a danger to the public, however, if criminal networks are able to get their hands on some of the coding that has made it so effective. That is what happened with Stuxnet.
Even more targeted than Flame, Stuxnet was developed – most likely by Israel or the United States – to disrupt Iran’s nuclear programme by exploiting the very specific Siemans computer systems that were used by Tehran in its uranium enrichment facilities
On its own it was harmless to other systems. But once the coding became public – an inevitable side effect of analysing and defeating viruses – criminal groups were able to take sections of the virus and develop it for their own nefarious purposes. Malware using Stuxnet’s capabilities soon began to surface on the black market and cause carnage online.
Any malware worth its salt looks out for anti-virus software once it’s inside a machine. A sophisticated virus might have between 20-50 defences already built in to counter security software. Cyber security researchers have told me Flame has an astonishing 346 separate defences. The list, which is circulating among professionals, is not being made public in a bid to keep it out of the hands of criminal networks. We can only hope it stays that way.