Is W32.Flamer Evidence of Cyberwarfare Activities?

A number of commentators on the Net are suggesting that the recent malware infection in a number of Middle Eastern countries is evidence of Cyberwarfare Activities by a professional team

Flame, or W32.Flamer, or skywiper may have been developed by a nation state as part of cyberwarfare activities, and is targeted at information gathering, rather than distruction of data. Analysts who have been decoding the computer worm have been unable to identify the source, but they say only a professional team working for several months could have been behind it.

The CrySys Laboratory in Hungary was one of the first to attempt analysis, reported that: “The results of our technical analysis supports the hypothesis that skywiper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyberwarfare activities.”It is certainly the most sophisticated malware we have encountered. Arguably, it is the most complex malware ever found.”

According to Symantec, W32.Flamer is a worm that spreads through removable drives. It also opens a back door into the users computer and may steal information from the compromised computer. Symantec Security Response is currently investigating this threat but has classified the Threat Assessment in the wild as Low.

Damage Level: Medium
Payload: Opens a back door.
Releases Confidential Info: Steals information.

Although the rate of spread may be low, due to the propagation method, this malware is likely to attract a lot of attention and hot debate because of the potential for Cyberwarfare. Watch this space for more news as it emerges.

For more information see: