Here We Are Binary War
The discovery of the virus named “Flame” hiding on Middle Eastern energy facility computers has caused quite a stir. Although much is still unknown about the virus’ full capabilities, each discovery confirms what most security experts have been warning for years.
Malware is evolving into a much more dangerous creature, one that is far more difficult to protect against. Flame, Stuxnet, and Duqu are indicators that malware is being weaponized and created to attack specific targets on a very large scale. In the past, malware has frequently been engineered to attack specific targets but never with such sophistication.
In Robert Ludlum’s The Moscow Vector, a rogue scientist genetically engineers viruses to affect only specific targets. The virus has no effect on anyone but the individual whose DNA it was designed to attack. The accuracy with which the virus kills its target is extremely high compared to a generic disease that, when released, may or may not reach its intended target. This is the theory behind Stuxnet, Flame and Duqu. They are designed, created and deployed with specific instructions to reach specific targets.
Flame successfully hid itself from detection for years and has recently been sent a “kill” command which wipes the code off the computers it infects. Stuxnet targeted Iran’s nuclear facilities and caused them to malfunction while suppressing alarms and fail-safes. These aptly named viruses are showing that they can evolve past current security methods to evade detection.
The scariest part of the Flame virus for those not in the Middle East is the 0-day vulnerabilities that were used to spread it. 0-day vulnerabilities are previously unknown flaws in program code that can be exploited to gain unauthorized access to or control of a system. The Flame virus exploited a flaw in Microsoft’s Update system that allowed the virus to label itself as a Microsoft Certified update. Copycat attackers could exploit this vulnerability to trick users into downloading malware through Microsoft updates. It is terrifying that malware could appear as an authentic Microsoft update. Microsoft confirmed that this is not something to take lightly by releasing a patch to prevent the exploit days prior to its normal Update Tuesday.
These types of viruses are a sign of things to come. Corporate espionage, cyber warfare between nations, cybercrime, and hacktivism are gaining in popularity as means of conducting illegal activities with much less risk of being caught. Flame, Duqu, and Stuxnet are solid evidence that will help information security experts plead their case for more resources, because governments and businesses are beginning to understand that we are not prepared.