

Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Brano

Re: Flame: Massive cyber-attack discovered, researchers say

Flame-bait Questions

Posted by Sean @ 16:43 GMT
There are many ongoing discussions about "Flame" right now — an espionage tool, information was disclosed about it on Monday.

There are plenty of questions from customers, and also from members of the press.

Mikko spoke with Clark Boyd of PRI's The World yesterday about the breaking news.

Symantec's Liam O Murchu spoke with Kai Ryssdal of Marketplace in a very "economical" conversation about Flame's functionality.

Some good questions have been asked. And plenty of hyperbole has been generated.

Here are some questions of our own.

• Am I protected from Flame?

That's the wrong question. You should be asking yourself this: am I at risk?

• Alright then, am I at risk from Flame?

Let's see, are you a systems administrator for a Middle Eastern government?

No? Then no… you aren't at risk.

The number of computers estimated to be infected with Flame is one thousand and there are more than one billion Windows computers in the world. You do the math. You're just as likely to win the lottery.

Additionally: Flame is not a worm. Its architecture includes wormable functionality but those functions are disabled by default. So Flame isn't spreading like a worm and therefore you won't be infected unless you've been specifically targeted.

And then there's the fact that Flame is now known to be in the wild. And so… it's been "turned off". Even Flame's targets are no longer at risk. The real power of an espionage tool is that it's a secret. Flame is no longer a secret and so it will therefore be abandoned. Operational security has been compromised.

• Okay, but still — in theory — am I protected?

We have detections for Flame and our current software blocks and prevents Flame from functioning based on our tests. If you have the most current version of your antivirus software and it's functioning properly with up to date databases, you should be good.

• So I'm safe?

Safe? Okay look… Flame is estimated to be at least two years old. That's old in terms of software code. And Flame is now a known quantity. You don't need to worry about it. Flame has been extinguished.

But…that isn't why you should find Flame interesting. The important thing about Flame is that it represents what else might be out there… the threats that are still unknown.
»www.f-secure.com/weblog/archives···372.html
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

wat0114
Premium
join:2012-02-20
Calgary, AB
It seems it would take a lot, mostly ignorance, to allow the installation of this in the first place. Depending on where you look around the Internet, some people are "buying into" this hype like it's the second coming of the computer-infesting antichri$t. BTW, looking at all those .ocx files it loads, AppLocker with DLL restrictions enforced should stop it cold.

»www.crysys.hu/skywiper/skywiper.pdf