Flamer virus is targeted, no mass impact likely: Symantec MD

CIOL Bureau

BANGALORE, INDIA: In an interview with CIOL, Shantanu Ghosh, VP and MD, India Product Operations, Symantec, analyses the spread, behaviour patterns and targets of the latest Flamer virus, widely believed to be a brainchild of western nations built to spy on Iran's nuclear program.

CIOL: Do you think the Flamer virus indicates a new era of targeted attacks against countries or regions?

Shantanu Ghosh: Flamer is one of the most sophisticated and complex threats that the world has seen since Stuxnet and Duqu. Symantec would put this on par with Stuxnet and Duqu - but the sheer size of the code is multiple times what was seen in Stuxnet/Duqu. It is very large, and extremely modular, which are traits Symantec has not seen before in malware used for targeted attacks.

In addition, Flamer is potentially the first Windows-based malware ever observed to use Bluetooth. Three theories have emerged as a result of Symantec's technical analysis into why this functionality has been built into Flamer:

1. To map infected users' social and professional circles by cataloguing the various other Bluetooth-enabled devices encountered.

2. Identify the physical locations of infected users to determine their proximity to high-priority targets, whether those targets be other individuals or computing systems.

3. Target other Bluetooth devices within range to steal information off them, use them to eavesdrop or leverage their data connections to exfiltrate already-stolen data.

Though the precise intentions of including Bluetooth connectivity into the threat's code cannot yet be determined, these three plausible scenarios further confirm Flamer's sophistication as an advanced espionage tool.

CIOL: Still, a relatively small number of Flamer infections are said to have been discovered. Is there any chance of the Flame virus infecting PCs in Asia-Pacific or India (as in the case of Stuxnet, which was found in several vital Indian installations)?

Shantanu Ghosh: Initial telemetry and Symantec analysis indicate that the targets of this threat are located primarily in Eastern Europe and the Middle East. The industry sectors or affiliations of the individuals targeted are currently unclear. There are indications that W32.Flamer is also the same threat as described recently by the Iranian national CERT.

Based on the number of compromised computers, the primary targets of this threat are located in the Palestinian West Bank, Hungary, Iran, and Lebanon. However, we have additional reports in Austria, Russia, Hong Kong, and the United Arab Emirates. These additional reports may represent a targeted computer that was temporarily taken to another region–for example, a laptop. Interestingly, in addition to particular organizations being targeted, many of the compromised computers appear to be personal computers being used from home Internet connections.

CIOL: How effective do you think is the protection offered by security vendors for the known samples of Flamer?

Shantanu Ghosh: This threat is highly targeted and not likely to impact most users. All Symantec customers with the latest virus definitions are protected.

CIOL: In your estimate, what can be the consequences of the Flamer virus compared to Stuxnet?

Shantanu Ghosh: Symantec Security Response analysed Flamer and found that the threat has the ability to steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products, and under certain conditions spread to other systems. Flamer is a tool used for spying.

Stuxnet, in comparison, was the first computer threat that was capable of causing damage in the real-world due to its ability to modify the functioning of high-speed motors used in industrial control systems.

Flamer could be called a tool of cyber-espionage, but it does no physical damage. It is possible that information gathered by this tool could be used to create a Stuxnet-like threat. Or that Flamer could be upgraded with some destructive payload. But we are not currently seeing this. It is not appropriate to call it a weapon.
