GCN LAB IMPRESSIONS
Is the do-it-all Flame spyware OK if it's on our side?
Recently, the good folks at Kaspersky Lab, along with other researchers, announced the discovery of a piece of malware that was infecting computers, mostly in the Middle East, and collecting data for later retrieval.
This spyware package, which is codenamed Worm.Win32.Flame, pretty much does it all: sniffs network traffic, logs keystrokes, takes screenshots, and even records audio conversations if a microphone is present on the computer.
Flame apparently uses all sorts of classic ploys to get into place, such as backdoor hacks, Trojan attacks, and worm-like reproductive features. Once it is in place, an operator can retrieve the data remotely, and upload additional modules as desired.
When fully deployed, the Flame package is almost 20M in size, easily making it one of the most complex threats discovered to date. More detailed information about it can be found on Kaspersky’s Securelist blog, which is highly recommended reading.
Last summer, when Stuxnet reared its head, I noted the rumors that it was a state-sponsored attack. I also weighed the pros and cons of using something like malware in the pursuit of trying to hamper Iran’s nuclear weapons program.
Well, it looks as if Flame, which is also known as Flamer and sKyWIper by other security teams, might have also been state-sponsored. At least, the Kaspersky blogger seems to think so. It was also noted that the most reported infections by far (over twice as many as any other country) have been in Iran, followed distantly by Israel/Palestine.
This brings us back to the quandary I had brought up in the Stuxnet article: is it right to use malware for espionage, or other state-sponsored attacks? Is it wrong if China does it but OK for the United States? Should we be impressed with Flame or horrified by it?
Since I had been a network administrator for so long, you might say I have a personal bias against viruses and other malware. So the thought of using them for any purpose, whether it turns out to be a good one or not, is something I have some trouble swallowing. But, as we all know, nothing is as cut-and-dried as all that, and the reality is very complicated.
So what do you all think? Should the United States be in the business of employing viruses and malware, if indeed we are behind this one?