G-TechNote™: Flame Virus Prompts Microsoft to Boost Windows Security
Discovery of the Flame virus, which mainly affected computers in the Middle East, has prompted Microsoft Corp to strengthen the security of a Windows program that helps customers secure their PCs and update software.
Mike Reavey, senior director of the Microsoft Security Response Center, said in a blog post that the world’s biggest software maker plans to boost security measures on the Windows Update software that is included with the operating system that runs the majority of the world’s PCs.
Microsoft disclosed over the weekend that the hackers who built Flame exploited a flaw in Windows that allowed them to trick PCs into believing Flame was a legitimate piece of software from Microsoft. The software was then downloaded onto computers using the Microsoft Update feature.
News of the Flame virus surfaced a week ago when cyber security experts described it as one of the most sophisticated pieces of malicious software discovered to date. They are still investigating the virus, which they believe was released specifically to target computers in Iran and across the Middle East, similar to the Stuxnet worm that attacked Iran’s nuclear program in 2010.
The security experts said Flame likely only infected several thousand computers and was targeted at entities that would be of interest to nations involved in espionage.
Microsoft said on its website on Sunday that it was releasing software to fix the bug using its Windows Update system. But security experts said machines infected with some advanced viruses may not benefit from that update because those viruses had disabled the Windows Update software.
That is partially what prompted the need to further boost the security of the Windows Update feature, they said.
“If Microsoft is going to ‘harden’ the update feature, they must also prevent writers of malicious software from disabling the updating process on local computers,” said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit think-tank that studies the impact of cyber warfare.
Microsoft disclosed the plan to boost security of Windows Update late Monday on a Microsoft Security Response Center blog: blogs.technet.com/b/msrc/
Company officials could not immediately be reached to elaborate on Tuesday morning.
Yet Reavey said in a blog post on Sunday that the company was taking the flaw in Windows seriously because the bug could be exploited by developers of less sophisticated viruses to launch more widespread attacks.
Microsoft declined to say whether such attacks have already taken place.
3 Reasons You Need to Worry About the Flame Virus
The Flame computer virus is steadily stealing government intelligence in the Middle East, making it one of the most dangerous cyber-threats yet.
The cyber-weapon is reportedly capable of altering text and audio, intercepting keyboard input and disrupting network traffic, among other operations.
Researchers at Russia’s Kaspersky Labs discovered nearly 200 Flame infections in Iran, along with others in countries like Palestine, Syria and Saudi Arabia. Experts still do not know how the virus spreads or what its next target will be, but the world’s governments are on edge, with even the United Nations issuing a serious warning on Tuesday to safeguard systems against Flame.
Marco Obiso, cyber-security coordinator for the U.N. International Telecommunications Union, said the statement “is the most serious warning we have ever put out.”
The U.N.’s formal notice tells nations the virus could potentially be used to attack critical infrastructure. Obiso believes Flame was likely built for a nation-state.
No government or organization has yet claimed responsibility for the virus, which has experts losing sleep for the following reasons:
Best Spy on the Planet
Flame’s longevity, sophistication and complication make it “one of the most complex threats ever discovered,” according to Kaspersky’s Alexander Gostev.
The virus “may have been active for as long as five to eight years,” giving it time to intercept and accumulate vital military and economic information, according to Budapest University’s Laboratory of Cryptography and System Security.
During that time, Gostev says Flame indiscriminately collected “emails, documents, messages, discussions inside sensitive locations, pretty much everything,” suggesting it is a “complete attack toolkit designed for general cyber-espionage purposes.”
Flame resembles the Shady RAT virus that silently collected information from various governments over five years, intercepting important financial data to boost its creators’ economy. Both viruses ran undetected for so long partially because they worked slowly and steadily instead of conducting attention-grabbing attacks.
But Flame is more dangerous than its shadowy counterpart, as it has collected more information and contains a full 20 megabytes of complicated code that will take researchers time to unravel before they can stop it.
Worse Than Stuxnet
Gostev describes Flame as “a project running parallel to Stuxnet and Duqu,” two notoriously damaging viruses capable of downing nuclear power plants.
Stuxnet crippled Iran’s nuclear centrifuges last year by altering the Siemens technology responsible for running the country’s power plants. Security officials say the worm’s anonymous creators may alter it to attack other industrial compounds, potentially endangering global electrical and water supplies.
Stuxnet’s cousin Duqu, which spreads through Microsoft Word, can multiply itself to gather and exploit sensitive information on government and business networks. The data-collecting virus may be serving as a military scout prior to cyber-warfare, experts warn.
Security analysts say Flame is even worse than these viruses, suggesting any government it hits may find its infrastructure critically compromised.
It Could Start a Cyber-War
No one has yet admitted to creating the Flame virus, but if its creators are found to receive government backing, the world may be in for a major conflict.
The U.S., for example, says it will use military force on any country supporting cyber-strikes against its critical industries.
The FBI now cites cyber-terrorism as the country’s number one threat, prompting the U.S. Cyber and Strategic Command to draft plans for future online and physical warfare.
In the words of one general, “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
Most countries under cyber-attack may resort to similar defensive measures, begging the question of what will happen if Flame’s creators are unmasked.
The virus also ushers in a new era in cyber-warfare, where countries fight online rather than on the battlefield. This kind of war may have dire consequences, putting everything from nuclear power plants to plumbing systems at risk and threatening to affect the lives of average citizens.