Over the holiday weekend the online news networks were abuzz with news of a "massive cyber threat" variously called Flame, Flamer, or sKyWIper. Researchers at Hungarian lab CrySyS stated, "sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found." In an ABC News interview, Udi Mokady, CEO of Cyber-Ark, an Israeli developer of information security, warned that Flamer is "20 times more sophisticated than Stuxnet... It's a live program that communicates back to its master. It asks, where should I go? What should I do now? It's really almost like a science fiction movie."
Kaspersky researchers determined that the threat spreads by infected autorun.inf files on USB keys, a trick also used by Stuxnet, as well as a technique involving directories that launch malware when opened. After the initial infection it can spread to other machines within the network.
As for what it does, you might better ask what doesn't it do. Just about any kind of espionage you can imagine is handled by one of Flamer's modules. Among other things, McAfee's researchers found that it can report on network resources, steal specific files, detect and evade over 100 security products, capture screens, record audio through the built-in microphone, explore nearby Bluetooth connections, and more.
It's worth noting that Flamer doesn't necessarily do any of these things, not even replicate to other systems, unless it's told to do so by its Command and Control servers. This combined with the fact that it uses many standard commercial modules may have helped it get past behavior- and reputation-based detection systems.
Who Wrote It?
In an early report on the threat, CrySyS states, "The results of our technical analysis support the hypotheses that sKyWIper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities." Mokady of Cyber-Ark suggested that Israel, the U.S., China, and Russia all have the know-how to create this offensive.
Israel-watcher Richard Silverstein wrote, "My major scoop is that my senior Israeli source confirms that it is a product of Israeli cyberwarfare experts... My source also tells me that this is the first known instance in which Israeli intelligence has used malware to intrude on Israeli citizens."
In fact, in an ABC News interview Senior Israeli minister Bogie Yaalon all but claimed credit for the attack, saying, "Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it. Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."
Dissenting Voices
Joe Jaroch, a leading researcher at Webroot, is less impressed by Flamer. He's not convinced that a nation-state's resources would have been required for its creation. "This was definitely not developed by a single person," said Jaroch, "but assuming it is a nation behind the code would probably be underestimating the abilities of private malware authors. Threats like TDL4 provide a much stronger set of functionality and obfuscation."
Flamer's complexity, notes Jaroch, "doesn't equate to the conventional term of complexity with regard to threats. Server-side polymorphic malware which layers together multiple components dynamically protected by rootkits have been around for several years and are orders of magnitude more complicated," said Jaroch. He added, "Using 20 times more code than Stuxnet doesn't necessarily mean that it is 20 times stronger."
Kaspersky's report states that the project "was created no earlier than in 2010." Other sources treat it as a fairly recent outbreak. However, the CrySyS report notes that Flamer "may have been active for as long as five to eight years." Webroot's Jaroch pins it down: "We first saw this threat in Europe on December 5th, 2007." Security expert Mikko Hypponen of F-Secure agrees that Flamer "has been spreading for years."
Should You Worry?
Kaspersky's detailed report lists the top seven countries affected by Flamer. In descending order of known infestations they are: Iran, Israel/Palestine, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt. Given that the number of hits in Egypt was just five, if you're not in one of those countries you're probably safe.
It's true that Flamer, quite unlike Stuxnet or Duqu, spied on individual home PCs in addition to business computers. However, given that it only follows instructions sent via its Command and Control servers, even if it somehow wound up on your PC it probably wouldn't do anything. Naturally the major antivirus vendors either have or will soon have detection signatures for this threat.
The real worry is that Flamer has been around for as long as five years without detection. F-Secure's Hypponen summed it up, saying, "Stuxnet, Duqu and Flame are all examples of cases where we — the antivirus industry — have failed. All of these cases were spreading undetected for extended periods of time." Webroot's Jaroch notes that the extended lifetime of this threat "could mean someone was trying to seed the industry and game the reputation analysis approach some vendors use to protect against threats. When it’s a known agent and crosses a specific time threshold it could game certain systems."
He definitely has a point. With modern Web-based attacks capable of serving up a slightly different malware file to every visitor, simple file signatures are losing more and more value. Behavior-based detection is definitely more flexible, but vendors shouldn't give a total pass to programs just because they haven't done anything bad yet. For now, keep your security software up to date, and thank your stars that you weren't the target of this attack.