Malware + Security & Privacy

Flame is No Reason to Panic

Posted on May 30th, 2012 by

There has been a whole lot of talk over the last few days about a newly discovered threat called Flame. From a researcher perspective, this threat is a huge yawn for most of us. The functionality that is being touted as so smart and scary has been utilized by well-known malware for well over a decade. And at this point, there have been only a few hundred to a thousand infections worldwide. Most of these infections have occurred in the Middle East.

From where I sit, there are two notable things about Flame: it’s programmed in a language that is much more commonly used for writing video games, and it’s massive. Malware authors usually pride themselves on writing code that is as compact and efficient as possible, but this threat is dozens of times larger than your average malware. It’s giant and bloated, which is why this threat will take so much longer than normal to analyze. That’s not new and it’s not cool. It’s strange, and possibly a bit lame.

From the perspective of the average user, the Flame coverage is a lot of sound and fury signifying nothing.

For those of you in the Windows world, there is Zeus (aka ZBot), which is a much larger threat that still has more infected users than Flame at its peak, partly due to its ongoing development and constant updates. Zeus too is spyware, with many advanced features to allow it to steal your data. At its peak, Zeus was infecting hundreds of thousands of users.

On the OS X side, at its peak the Flashback malware had many hundreds of thousands of infected users, which is a much greater percentage of the total OS X user-base. Even months later, we see well over 100,000 users who are not heeding the warnings to secure their systems. While Flashback is not as full-featured in its spying capabilities as Zeus or Flame, that doesn’t make it any less dangerous. As Zeus and Flashback have been much more widely distributed, they’re stealing information from the average user around the world, not just in a small handful of countries and in certain targeted industries.

There are many more mundane threats that are out there that should cause us genuine concern. There are many tens of thousands of Windows threats discovered every day, many of which have spying functionality. OS X is obviously not at that threat level, but it too is not immune from major malware threats.

The lesson we should take from this is that there are a lot of unprotected users out there, which increases the threat for all of us. A user-base is like an eco system. If malware authors see a complacent user-base, it’s an easy target. People who don’t update their OS or other software to contend with security issues, people who don’t use up-to-date security software, they’re easy pickings.

There are many users who think they’re immune, or that malware infection won’t happen to them. This is clearly not the case, and there are many people out there who are infected and unaware.