Flame Worm one of the most complex threats
The jury isn't out yet on whether 'Flame' (also
known as 'Flamer' or 'Skywiper') is "the most lethal cyberweapon
to date" as some have claimed, or just a highly complex and
sophisticated piece of malware. But by only looking at the
volume of security vendors' blog posts dedicated to the malware
since its discovery this week, it becomes clear that Flame is
far from ordinary.
One thing we do know is that there is a lot that isn't known
yet. Because of both its size - when fully deployed, it is
almost 20 MB in size - and its complexity, researchers expect
the full analysis to take several months at least.
What is known is that Flame is a piece of modular malware that
has worm-like features, which allows it to spread on a local
network. The use of modules is not unique to Flame: prevalent
trojans such as ZeuS and SpyEye allow for the use of modules or
plug-ins. However, whereas the latter kinds of malware are used
to target the masses (steal online banking details, send spam),
Flame's capabilities, which include network-sniffing, taking
screen-shots and recording audio conversations, suggest it is
being used for cyber-espionage purposes.
So far, a few hundred infections are known, with victims varying
from individuals to state-related organisations. What victims do
share is that they most of them are located in the Middle East:
of the few hundred known infections, Iran features most
prominent as a location, followed by Israel and Sudan.
The complexity of the malware, the prevalence of infections in
Iran, as well as a number of technical features (such as the use
of the Lua scripting language), suggest similarities with
Stuxnet and Duqu. However, there are many differences too:
unlike Stuxnet it does not appear to target SCADAs and the
number of infections is probably significantly larger than that
of Duqu. It is currently unclear whether the malware uses any
It is well possible that Flame was developed by the same group
that developed Stuxnet and Duqu, though then likely as a
parallel project. Given the location of the infections and the
fact that developing something like Flame would require huge
resources, many believe the governments of one or more rich
Western nations are behind the malware. However, as with Duqu
and Stuxnet, no one has been able to prove such claims.
While it has been discovered only recently, it is believed that
Flame has been around for some time, possibly going back as far
as March 2010.
FBI Warns of Malware installed via hotel
The FBI has warned travellers against fake software updates
served through hotel connections which actually attempt to
The agency reports that it has seen instances where travellers
connecting to a hotel room's Internet connection are presented
with a pop-up of what looks like an update to a popular software
product. If the 'update' is accepted, however, malware is
installed on the victim's computer. The FBI does not specify the
type of malware installed or the motives behind the
A reliable Internet connection is essential for many business
travellers, but care should be taken not to compromise on
security: make sure all important information is sent over
secure HTTP or VPN and treat every alert - even those that look
familiar - with extreme caution.
Though the FBI explicitly warns those travelling 'abroad', there
is no reason why this couldn't happen in the United States.
Hotel Internet networks are not always as well secured as they
websites visited via a hotel Wi-Fi to push (harmless)
advertisements will have done little to reassure visitors.
We can take care of your security for
If you're not sure whether you
are protected or you would like your system scanned and
cleaned up, we can help.
This can be done at your office or home but could take some time and is
chargeable at an hourly rate.
Alternatively we can collect
your machine and return it to you when its finished, keeping the
cost down to a minimum regardless of how long it takes to
Click here to contact us and get your machine secured giving you peace of mind your information and personal details are going nowhere!