What’s this Flame Virus all about?

What is the Flame Virus?

First off, if you haven’t heard anything about the Flame Virus, you may want to start here

Here is what is important to you:

• Flame Virus (also called sKyWIper) was deployed in May, but may have been around since ‘07
• The virus had a suicide command sent out this month, essentially deleting and ‘recalling’ the virus
• Designed to get in to Windows systems only
• Currently being called the most sophisticated Malware yet

The Good

• Looks like it was designed (everyone is pointing at Israel) to disrupt Iran’s nuclear program
• The virus has ONLY been reported in the Middle East, and a couple random countries (Iran/Syria/Lebanon/Egypt/Sudan/Saudi/Palestine and reportedly Hungary, Russia and Hong Kong)
• On June 3^rd, the people running the virus sent out a suicide command, wiping the virus

The Bad

• The suicide command wiped all information and trace of the virus
• The virus could make a comeback, and as of now there are no real security measures that have been put in place

So What?

Essentially, the virus has the capability to wreak some havoc (it can record audio, take screen shots, record keystrokes/passwords, create files, hell it can even record Skype calls… it’s multi-purpose). Although at this point, the virus is gone due to the suicide commands sent out- most are documenting this as the Israeli government (or whoever is controlling it) trying to cover its own tracks before the virus can be traced. Until further information is released, there really is not much that we as a company can do, or warn people about. Risk is not high here in Canada, but the potential of the virus would definitely worry people.

Microsoft recommends what you would think—keep windows up to date, antivirus up to date, have a firewall, be careful of which files transfers you are accepting, etc.… No other course of action on how to protect has been suggested. Alert is currently low, as the it appears the virus has essentially been recalled.

• Here is a really good article on the virus, if you wanted to take a quick read:  http://rt.com/usa/news/flame-virus-suicide-stuxnet-743/
• And a couple other articles about the recall and the virus itself…
• Symantec Suicide Command breakdown: http://www.symantec.com/connect/blogs/flamer-urgent-suicide
• CBC article discusses problems and relation to old Stuxnet virus: http://www.cbc.ca/news/technology/story/2012/06/08/tech-flame-virus-removal.html
• Discussing the virus passing with a Microsoft security certificate: http://ktar.com/22/1551571/Flame-virus-prompts-Microsoft-to-boost-security
• More info about the virus/suicide command: http://www.tgdaily.com/security-features/63944-flame-virus-wiped-out-by-its-creators

Now What?

Well, first off, we don’t like to panic folks needlessly. But now, like really anytime, is a good reminder that you should:

1. Ensure you have a good firewall on your computer
2. Ensure you have good (and recently updated) antivirus. No, not the free stuff, you GET WHAT YOU PAY FOR…
3. Don’t click on links just because some email told you to.  If you receive a suspicious email telling you to go somewhere and change a password or login to a website – instead, go to the website directly (type it into your browser) and login properly – then look for whatever ‘action’ you were prompted to do

Thanks to Jarrod our whiz bang new Co-Op student for assembling all this helpful material.  Man its nice to have smart people around me I can delegate to.