'Flame' Malware Said To Be Targeting Iran: Huge Deal Or Huge Hype? | WAMU 88.5 - American University Radio

NPR : News

'Flame' Malware Said To Be Targeting Iran: Huge Deal Or Huge Hype?

Word from the antivirus experts at Kaspersky Lab that "we've found what might be the most sophisticated cyber weapon yet unleashed," and that this Flame spyware is targeting Iran and some places in the Middle East, is getting lots of attention this morning:

-- "Massive Cyber-Attack Discovered, Researchers Say." (BBC News)

-- "Cyberwar Fears After Bug Targets Tehran." (Financial Times)

-- "Iran Facing 'Stuxnet On Steroids' Attack." (Forbes)

Before buying into the dramatic headlines, though, check these related stories:

-- Wired's Threat Level blog, points out that unlike Stuxnet (which did actual damage to Iran's nuclear program), Flame appears to be "an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years." In other words, it's more akin to a wiretap than a bug designed to do damage.

-- PCWorld runs through the reasons why the fuss over Flame may be more media hype than reality. And it writes that:

"A Webroot spokesperson says the security vendor takes issue with the hyperbolic claims about 'Flame', and claims the underlying threat has been known since 2007. 'In terms of sophistication we believe it is nowhere near Zeus, Spyeye or TDL4 for example. Essentially Flame at its heart is an over-engineered threat that doesn't have a lot of new elements to it--essentially a 2007 era technology.' "

PCWorld adds, though, that "there is one element of Flame that Webroot believes may be unique. ... Many antimalware tools use some form of reputation analysis to help determine if a given program is malware or not. Essentially, if the executable has been seen before, and hasn't done any previous harm it gets a bit of a 'free pass' — it has proven itself and earned some level of trust. Webroot feels that the amount of time that has passed between the initial development of the underlying Flame code and its active use as a tool for cyber espionage or cyber warfare may have been an intentional effort to game the reputation system and sneak in under the radar."

NPR's Tom Gjelten is working on the Flame news, and may have more to report later today on All Things Considered. We'll update as the story develops.

Update at 3:45 p.m. ET. In the report he's preparing for All Things Considered, Tom says that:

"The Kaspersky lab is comparing the Flame virus to Stuxnet, the computer worm used to physically disable centrifuges key to Iran's nuclear program. Stuxnet was clearly a weapon. But James Lewis at the Center for Strategic and International Studies says Flame should be put instead alongside the many other software programs designed by governments to help them steal commercial and security secrets from their adversaries."

Copyright 2012 National Public Radio. To see more, visit http://www.npr.org/.

NPR

Weekend Musher Finds Dogs Keep Her Hanging On

Julia Bayly of Fort Kent, Maine, works as a reporter at the Bangor Daily News. Her passion outside of work is dog sledding. It's the latest installment in our hobby series "Alter Egos."
NPR

When Zero Doesn't Mean Zero: Trans Fats Linger In Food

One in 10 packaged foods still contains trans fats, according to a new study. The problematic oils give foods a rich taste and texture and extend shelf life, but have been linked to heart disease.
NPR

Rep. Ryan Calls For 'Culture Of Inclusion' To Tackle Poverty

Congressman and former Republican vice presidential nominee Paul Ryan discusses his new book, The Way Forward: Renewing the American Idea.
NPR

New Amazon Series Pilots Fall Short Of A TV Revolution

NPR TV critic Eric Deggans ranks Amazon's new batch of five series pilots, asking why none of them seem break the rules of TV quite enough to draw attention.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.