Flame - Who Is Watching You Right Now On This Computer

June 6, 2012: In May of 2012 the Kaspersky Lab, MAHER Center of Iranian National CERT, and CrySyS Lab (Laboratory of Cryptography and System Security) of the Budapest University of Technology and Economics discovered something strange on Iranian Oil Ministry’s computers. As Kaspersky Lab delved deeper, they discovered an MD5 hash and filename which they "Flame".

Flame (also known as Flamer, sKyWIper, and Skywiper) is a modular computer malware/spyware that, right now, attacks computers running the Microsoft Windows operating system. Purportedly, the program is being used for targeted cyber espionage in Middle Eastern countries. It is the most complex malware ever found. Flame can spread to other systems over a local network or via USB stick. It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices. This data is sent on to one of several command and control servers that are scattered around the world. It is rumored (by Israel National News) the latest version of Flame can be turned on to act like a telephone or video devise without the user’s knowledge. In other words, someone could be listening and/or watching you now.

It was rumored (by India Times) that Microsoft’s computers became infected with the flame virus on Sunday (June5). Microsoft’s official stance (per Reuters) is: Mike Reavey, senior director of the Microsoft Security Response Center plans to boost security measures on the Windows Update software that is included with the operating system that runs the majority of the world's PCs. Over the weekend, Microsoft disclosed, the hackers who built flame exploited a flaw in Windows that allowed them to trick PCs into believing it was a legitimate piece of software from Microsoft. The software was then downloaded onto computers using the Microsoft Update feature (not over a local network or via a USB stick).

Microsoft said (on its website) that it was releasing software to fix the bug using its Windows Update system. But security experts say machines infected with some advanced viruses may not benefit from that update because those viruses had disabled the Windows Update software. This means you could be infected if you connected with Microsoft on or after Sunday (June 5).

John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit think-tank that studies the impact of cyber warfare, said, "If Microsoft is going to 'harden' the update feature, they must also prevent writers of malicious software from disabling the updating process on local computers."

Microsoft officials could not immediately be reached to elaborate on Tuesday morning and declined to say whether such “attacks” have already taken place. Security experts say flame likely “only infected several thousand computers and was targeted at entities that would be of interest to nations involved in espionage.”(Reuters)

Norton and other computer security companies are already advertising protection against the flame virus. But the general consensus is, there is no real protection from flame at the present time.

So who is watching you right now?

Brought to you by: Another break from the poetry

Sources: israelnationalnews, indiatimes, reuters, Microsoft