Tuesday, 29 May 2012

Flame malware: So big, so overlooked



The most "complex malware ever found" -- Flame -- has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it?
The most "complex malware ever found" -- Flame-- has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it?
Several security research firms, including Symantec, Kaspersky, and McAfee, have been hard at work analyzing a specific piece of malware in the past few days after the Iranian Computer Emergency Response Team posted an alert about malicious code designed to steal and exfiltrate information from infected computers back to a network of at least 10 command and control servers.
However, as Budapest University's Laboratory of Cryptography and System Security (Crysys) reported in its analysis of the malware, it "may have been active for as long as five to eight years." Crysys also reported that the malware's footprint is massive -- some 20MB -- in stark contrast to traditional malware, which attempts to keep as low a profile as possible to avoid detection. Furthermore, the malware also appears to regularly send out information to command and control servers, which should have raised the concerns of a discerning network administrator.
But despite these apparent red flags, the Flame war didn't heat up until just recently.
Read more of "How did everyone miss Flame?" at ZDNet Australia.

No comments:

Post a Comment