The Flame malware attacks continue to generate some interesting reactions on the web. On the one hand, they seem to be all over the place, and yet I am having a hard time disagreeing with most of them. That is probably a good sign that we still may not know enough, or that what we know hasn’t been analyzed enough to produce much consensus. Or it is simply the fact that, as they say in management, the 10,000-foot view can be very different from the view when you’re on the ground.
In Parmy Olson’s Disruptors blog for Forbes.com, she talks about 3 takeaways from Flame: one is that what is happening now between governments will likely be an indicator of what corporate espionage will look like soon (if not already), and another is that some adversaries of nations will be forced to go low tech (à la bin Laden, a tactic we have already seen repeatedly in cases of terrorism and asymmetric warfare).
Meanwhile, Johannes Ullrich posted a diary entry at the ISC (Internet Storm Center) on Flame that is almost derisive toward Flame and the attention it is receiving. His analysis of the toolset is that it is fairly clumsy compared to some other malware tools available. It seems a lot of network administrators are asking how to detect whether they have Flame infections, and perhaps this is what sparked the author’s rant. He has a good point we should all keep in mind: focusing on a single, obscure threat is no way to design a network defense strategy. Granted, I can understand that these admins are probably going to be asked about Flame by an executive, because it is receiving enough media attention to cross into general awareness.
Last, but certainly not least, there is a longer article on Wired by Mikko Hypponen, the Chief Research Officer at information security company F-Secure, titled “Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet”.
I’m still mulling all this over, but I’m planning to come up with an opinion piece down the line.