Sometimes It’s Hard To Get Rid Of An Old Flame

Flame Malware

The description leaps off the pages like a Hollywood blockbuster in the making.

The Flame malware, whose aliases include sKyWIper and Flamer, is alleged to have been developed or commissioned by a joint U.S. and Israeli effort with the secret mission of compromising the computer systems of Iran’s government in a sophisticated multi-year, multi-million dollar operation designed to slow the country’s ability to develop a nuclear weapon.

Once discovered, the virus’ creators ordered it to self-destruct. The malware, which gets its name from the letter string encountered at many places in the code, infects select Windows targets, which may include servers or laptops, with the purpose of stealing information including keystrokes, passwords, contacts, microphone and camera inputs, screen captures and network traffic.

It can even use Bluetooth connectivity to cull data from nearby smartphones and tablets. It then sends this information to Command and Control (C&C) servers, 80 or more of them throughout the world, so that the intelligence can be harvested.

The malware is believed to have been operating in the “wild” for at least two years, but some estimates say perhaps as many as five to eight. In terms of complexity, as a comparison, you may remember the Stuxnet virus that compromised Iranian computers at alleged uranium enrichment facilities.

Well, according to the Budapest University of Technology and Economics, Flame is twenty times as big. Unlike Stuxnet, however, whose ultimate aim was to disable centrifuges, Flame doesn’t aim to damage its hosts; rather, its main purpose is espionage. So far this threat has caused concern in the Middle East and Eastern Europe, where it has been reported, but what about risks to the rest of us in other parts of the world?

The Flame malware is highly modular in architecture and, according to experts, could theoretically be augmented or leveraged by less adept cyber-attackers with aims much more pedestrian than espionage. However, experts can’t seem to agree on the likelihood of such exposure for individuals and businesses worldwide.

In fact, Flame has been so controversial that some highly respected security analysts laugh off the threat, while others take a cautious approach, noting that there is still a lot we don’t know. Whether this malware is a single-purpose, impossible-to-manage, now-decommissioned espionage device or a Stuxnet evolution that can be studied, reverse engineered and leveraged to spawn new malware types will take some time to determine, if it can be determined at all.


And given all of the speculation around the malware’s inception and attack path, this is a debate that is likely to rage on for a while. Still, there are some things we now know for a fact regarding Flame, and there are precautions you can take as part of your security update regimes.

In short, update your Windows systems with the latest security patches, and your security systems too. Besides infected USB drives and file shares, one way that Flame can propagate is by using compromised Microsoft root certificates. This essentially tricks systems into installing the malware because they believe it to be a legitimate update from Microsoft. Patches have already been released, one of which automatically checks for untrusted certificates against the disallowed Certificate Trust List (CTL).

The second step involves updating your antivirus protections, intrusion detection systems (IDS) and intrusion prevention systems (IPS) with new signature lists that include protections against some Flame-based exploits. Symantec, Check Point and Juniper Networks, among many others, have such product updates available.
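A host-side check a defender can run after applying those updates, written here as an added example and not code from the article or from Microsoft: it lists what the host's Disallowed (untrusted) certificate store now contains and verifies that a file claiming to be a Microsoft update carries a trusted Authenticode signature whose chain does not touch a distrusted certificate. The file path is a placeholder; it assumes Windows PowerShell 3 or later.

```powershell
# Added example: audit certificate trust state on a Windows host.
# Assumes Windows PowerShell 3+ (Cert: drive and member enumeration available).

# 1. Certificates this host explicitly distrusts. Microsoft's update moves the
#    certificates involved in the Flame signing into this store.
$disallowed = Get-ChildItem -Path Cert:\LocalMachine\Disallowed
"{0} certificate(s) in LocalMachine\Disallowed" -f $disallowed.Count
$disallowed | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-Table -AutoSize

# 2. Authenticode check of a binary presented as a Microsoft update.
#    Placeholder path: point it at the file you want to verify.
$target = 'C:\Path\To\suspect-update.exe'
if (Test-Path -Path $target) {
    $sig = Get-AuthenticodeSignature -FilePath $target
    # Status is 'Valid' only when the whole chain is trusted. 'NotSigned',
    # 'UntrustedRoot' or 'HashMismatch' mean the file must not be treated as an update.
    [pscustomobject]@{
        File          = $target
        Status        = $sig.Status
        SignerSubject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        SignerThumb   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '(none)' }
    } | Format-List

    # 3. Cross-check: does any certificate in the signer's chain sit in the
    #    Disallowed store? A 'Valid' status should already exclude this, but the
    #    explicit comparison makes the result auditable.
    if ($sig.SignerCertificate) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $null = $chain.Build($sig.SignerCertificate)
        foreach ($el in $chain.ChainElements) {
            if ($disallowed.Thumbprint -contains $el.Certificate.Thumbprint) {
                Write-Warning ("Chain element is explicitly distrusted: " + $el.Certificate.Subject)
            }
        }
    }
}
else {
    Write-Warning "Target file not found: $target"
}
```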

Both Stuxnet and Flame, on examination, are light-years more advanced than anything in use by common criminals. Now that these state-sponsored malware samples are being distributed and dissected, we can expect to see a significant increase in the complexity and sophistication of “common” malware. That is, these super-malware samples are going to give criminals all kinds of new ideas on how to be evil.

On the whole, with only about 1000 machines infected today out of millions worldwide, the probability of exposure remains low, but just to be sure this old Flame doesn’t come knocking, make those updates.