The buzz in cyberspace now is about the biggest, the most powerful, and the most complex computer virus ever discovered — variously called Flame, Flamer or Skywiper. It has sent alarm bells ringing, and has reminded us, for the umpteenth time, how even the best-protected network can be broken into.
The virus hit headlines in March/April this year, when the Iranian oil ministry was affected. And a few weeks back, researchers found Flame similar to Stuxnet virus that had disabled the centrifuges in an Iranian nuclear plant. What has stunned experts is the complexity of Flame, the size of which was 20MB, while Stuxnet was only about half a megabyte.
Calling it the dawn of a new era in cyberwarfare, Kaspersky Labs said the virus was “destined to leave an indelible mark on the cyber weapons’ landscape”. Symantec research shows Flamer has been operating for at least two years with the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products, and under certain conditions spread to other systems. One mode of operation is Bluetooth.
According to Shantanu Ghosh, VP and MD, India Product operations, Symantec, the Bluetooth functionality of Flame is embedded in a module, which when triggered in accordance with the configuration set by the attacker, can result in two actions: one, scan Bluetooth devices in the range, and once detected, steal details like the ID; and two, the infected computer itself will appear when any Bluetooth device scans the local area.
It is networks in mainly West Asia that have been affected, but Ghosh says infections have been reported from Hungary and Hong Kong. Are we in India under threat?
Kaspersky says that it recorded instance of attacks in India. Says Alex Gostev, chief security expert, Global Research and Analysis Team, Kaspersky Lab, “Only a few detections by Kaspersky Lab anti-virus were registered on the computers with Indian IP address. But that can be any user even a tourist from another country who was in India at that moment. The countries worst hit by Flame are Iran, Israel/Palestine, Syria, Lebanon.”
Says Ghosh, “This threat is highly targeted and not likely to impact most users. In addition to particular organizations being targeted, many of the compromised computers appear to be personal computers being used from home Internet connections.”
However Naresh Raval, a web developer, sounds a word of caution. “You never know. Security agencies have all said Flame is so complex that they haven’t fully understood how it works. Internet is a vast global network, and it doesn’t take much for malware to spread, and wreak havoc.”
(This article appeared in the Wireless World column of The Times of India, Bangalore, today)