I’ve been occupied elsewhere, so I’m just coming up to speed on the latest computer malware (should we be considering these things to be super malware?), Flame. Wired’s Threat Level has a great article on it by Kim Zetter that is a good place to catch up. Dark Reading has some additional perspective, in an article by Kelly Jackson Higgins, on how this malware may have existed undetected for several years.
Flame seems to be a very robust piece of software that uses a broad set of tools to conduct its mischief and mayhem; its distribution seems to be very targeted, and there are indications that it may be another piece of “state sponsored” code. I keep wondering whether you really need a state to sponsor such projects, or whether any sufficiently organized and motivated group with the right talent and resources could do something similar. Is it really more a difference of approach? Consider the difference between phishing and spear phishing.
All that is scary enough, but the one quote that sends shivers down my spine is this one from Zetter’s article:
The researchers say they don’t know yet how an initial infection of Flame occurs on a machine before it starts spreading. The malware has the ability to infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit in the code that the researchers have not yet found.