Is the Threat of the ‘Flame’ Virus Being Overblown?

Flame (Image: PC World)

As the United Nations has issued a strong warning on the latest cyber-security threat identified as “Flame,“ some are saying the hype over the computer virus found in Iran and other countries is being ”overblown.”

(Related: ‘One of the most complex threats ever discovered’: New cyber weapon found in Iran) 

The virus, which appears to have been developed about five years ago according to reports, is being called bigger than the Stuxnet worm. The U.N.’s International Telecommunications Union representative recently said “this is the most serious warning we have ever put out.“ Orla Cox for the security firm Symantec called the virus ”huge“ and ”unlike anything we’ve seen before.”

At the same time though, PC World reports that some consider the claims “hyperbolic.” The security company Webroot is one such entity. PC World reports a Webroot representative saying “Flame at its heart is an over-engineered threat that doesn’t have a lot of new elements to it–essentially a 2007 era technology.”

Even still, PC World notes that Webroot says one part 0f the virus could be new. This would be the fact that this virus could have been earning “some level of trust” with systems it infected:

Many ant-malware tools use some form of reputation analysis to help determine if a given program is malware or not. Essentially, if the executable has been seen before, and hasn’t done any previous harm it gets a bit of a “free pass”–it has proven itself and earned some level of trust.

Webroot feels that the amount of time that has passed between the initial development of the underlying ‘Flame’ code and its active use as a tool for cyber espionage or cyber warfare may have been an intentional effort to game the reputation system and sneak in under the radar.

As debate continues over how concerned countries should be about the recently discovered threat and security firms get to work trying to crack it, the Iranian government — a country that had the highest number of infected systems — has said that it has a way to fix the situation already. SlashGear has more:

“Tools to recognise and clean this malware have been developed” the Iranian Ministry of Information and Communication Technology said in a statement, “and, as of today, they will be available for those [Iranian] organisations and companies who want it.”

No more specific details of the nature of the tool have been released, and it’s unclear how long Iran has been working on a fix. It also remains to be seen whether the tools are legitimate or not: the Iranian government could grandstanding so as to maintain a sense of security, both on the international stage and for businesses and organizations in the country.

Distribution of countries that report infected systems. (Image via Wired)

Iran also announced this morning that it was in fact Flame that attacked the country’s main oil export system in Terhan earlier this month. CBS News reports this is the first “direct link” made between Flame and an attack in Iran.

(Related: Iranian oil back online after another cyber attack that forced disconnect)

Evidence suggests the virus was built as a cyber-espionage tool by another country to attack Iran — much like Stuxnet. No one has come forward to claim responsibility though — nor is it expected they will. Yet, based on the Daily Telegraph’s report an Israeli official has hinted at the country’s involvement or at least supported whoever created the malware. Vice Premier Moshe Yaalon is reported as saying to Army Radio that those who see Iran as a threat are “likely to take various steps, including these, to hobble it.“ He then mentioned that Isreal was ”blessed with high technology“ and through it can afford it ”all sort of opportunities.”