Use of Microsoft certificates shows this was the most sophisticated malware ever created, company tells CBR
The Flame cyber weapon was a "brilliant" piece of software and ranks as one of the most sophisticated viruses ever created, Imperva director of security strategy Rob Rachwald has told CBR.
Details of the virus were first revealed in May this year, when researchers from Kaspersky Lab and Symantec both announced its discovery. It had been working undetected from anywhere between two and five years, scouring PCs and networks across the Middle East for sensitive information, most likely related to Iran’s nuclear programme.
Kaspersky said it was, "one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyber-espionage." The firm added that its incredibly targeted nature marked it out as a very sophisticated bit of software.
That hyperbole was criticised by others in the security industry, notably Trend Micro’s Rik Ferguson, who suggested it was not as sophisticated as some had suggested. Graham Cluley of Sophos also dampened the Flame rhetoric, saying that it doesn’t do anything that different from much of the other bits of malware out there.
However it was soon revealed that to install itself on PCs, Flame spoofed Microsoft certificates to trick PCs into believing it was legitimate software. It is that aspect that marks Flame out as something special, Rachwald said.
"Flame was brilliant," he told CBR. "The use of Microsoft certificates was like walking into the Tower of London and leaving with the Crown Jewels," adding that it was likely Israeli military identified the targets while US developers wrote the code.
Rachwald added that he believes the NSA would have been used to supply the Microsoft certificates, which it would have got thanks to a privileged access deal it has in place with the Redmond firm.
There is if course no suggestion that Microsoft played any role in this and Rachwald points out that the company’s subsequent reaction, when it announced it would revamp its certificate procedure, is an indication that it was unaware what was happening.
Rachwald’s comments echo those of Bit9 CTO Harry Sverdlove. He told CBR that Flame was, "comprehensive rather than complex. It did nothing new; Zeus has the ability to turn on a microphone and record. The one exception is something we’re only beginning to understand: the forging of the Microsoft digital certificate."
"There are only a handful of people in the world that can do that," Sverdlove continued. "This wasn’t a traditional zero-day exploit; it was very clever."