
Flame virus: Difficult modules yet to come

CIOL Bureau

BANGALORE, INDIA: The code of the newly detected Flame virus runs into millions of lines, and investigators may come across tough modules in the coming days, say industry experts.


"We are still in the early days of our investigation. There are millions of lines of code that have to be analyzed. So far, investigations have revealed that the attack is targeted at the Middle East," says Vinoo Thomas, spokesman and product manager for McAfee Labs.

"The code runs into about 20 megabytes. We have till now seen virus code that is only 1 megabyte in size," he added.


According to Thomas, it may take at least one year to unravel the code. Security vendors are now focused on specific modules, and investigators may come across even harder ones.

In an interview with CIOL, Carl Leonard, senior manager, Websense Security Labs, said: "Flame is considered to be one of the most advanced pieces of malware to date in terms of the functionality it offers to its perpetrators. The virus incorporates a broad set of capabilities. There is always a chance of Flame infections in any area - it all depends if there's any interest or gain that the group behind Flame can obtain by targeting a system in that area."


Advanced persistent threats (APTs) are covert and they come in many flavours. Flame is just one of them. It's very likely that APTs are resident in most modern countries today. In a lot of cases, once an advanced persistent threat is revealed, it usually means that this is only the beginning. Persistent attacks stay persistent on systems even though some of their components get detected. So, once an APT is discovered, systems need to be checked thoroughly for other remains, other code or network traffic that may suggest threat persistence, he says.

"Stuxnet and Duqu had a specific target and aim while Flame appears to be more of a generic tool filled with different functionality aimed to gather intelligence and persist on the target network. It’s important to remember that the Flame platform could act as a hub to initiate more specific attacks that can have more specific context," he says.


