Been reading here and there all day about the newly publicized Flame malware package (aka Skywiper), which seems able to launch depth attacks or even offline spying operations (by using the computer's inbuilt mics, webcam etc against the space where the machine is at any time). The thing gets described by malware/security experts as the most complex and skillfully devised piece of computer attack code ever, almost a quantum leap in stealthy and dangerous spyware. It's been operating out there since at least 2010, perhaps since 2007 and is able to track what kind/s of security software is installed on the machine and, if I got it right, shapeshift the way it operates to get past them. It's able to track and forward any URL one is accessing, remote any search (and probably the search results), steal mail, account passwords and entire Skype conversations, track keylogging and connections to other devices in the network - and apparently it's cross-platform and has outmaneuvered even fully patched Windows 7 machines. This doesn't sound fun at all.
The slim luck, to us not-so-VIP users, is that so far the attacks have been very targeted, it's been a small number of infected machines, perhaps just a few thousand and most of them in the Middle East and connected to governments, military and intelligence agencies (which suggests that somebody with state backing, and interests in the Middle East, is behind it). On the other hand, some who have been attacked may have wished to keep silent about it. But that all really shows that the people behind this knew what they wanted and are capable of guiding their malware. And successful malware does have a tendency to spread: people in the wider hacker community want to emulate the exploits.
I'm not enough of a pro with computers to gauge how much of a general danger, beyond Flame itself, this package poses to any of us ordinary pc or smartphone users, in the near future. I should think it's serious, because of the emulation risk and because business servers (or even data clouds) could also be targeted or fall victim to targeting or drive-by attacks with code developed from Flame, but I can't really judge on it. So what do you more experienced geeks, or web-interested people, here think?
* Now that the package is in the open, and the full code is at least in the hands of various spooks and state security agencies, is it likely that it will soon spread to the malware-maker community as well (from a backdoor out of the said agencies, or by quite different routes)? If they get hold of it, it's a safe bet they will try to produce their own versions and spread them much further, isn't it?
* Could this be the onset of a new wave of pc, phone and mobile device hijacking malware, harder to trace because the code is better designed to disguise itself on an infected device (apparently, Flame uses stealthy rootkits) and more often cross-platform?
* Is this going to lead to louder calls for state/military/international surveillance of the internet? Would such calls be justified?
* Will some programs and OS components need to be heavily patched in the near future to make them reasonably safe to use? Of course, some programs get patched all the time, Adobe Flash Player, the Chrome browser, Internet Explorer and Microsoft .NET Framework among them, but is the presence of this new complex threat going to push a new wave of patchwalling, because there's a need with the software makers to be on one's guard, to be one step ahead?
* Will this spell a delay in the release of Windows 8, or of other new OS versions and upgrades?
Just a few questions I feel concerned about....

Flame FAQ (from Information Week)