Tuesday, June 5, 2012

Flame Virus - Microsoft Executioner?

Flame Virus: Today your computer; Tomorrow, the world! (c) Checkmarx

Click here for related story [Gizmodo]

We follow up yesterday's post on Flame's functions with this update on the impact of the Flame virus. 

Gizmodo advises that Flame, the Uber-Virus, is now delivered disguised as a Microsoft Update to PC users.  Since the code appears legitimate, individual users as well as corporate and government IT managers will likely download and install it assuming that it is legitimate. 

Real MS Certificate (c) MS

It comes complete with a counterfeit security certificate [the component is named Gadget] which reroutes future update requests away from Microsoft back to the Flame system, which then downloads the full Flame virus onto the user's computer -- and network.

The disturbing aspect of this bogus security certificate is that it's been active for well over a year.

Limited Vulnerability (c) DesktopNexus
The immediate impact is one that no one wants to talk about: this virus could be the end of Microsoft as an operating system since, once infected, there will be no easy way to detect the virus on a PC or server system running Microsoft [if this is an incorrect assessment, feel free to correct us, and we'll retract the statement].

If the MS operating system is corrupted on a wide range of networks, administrators -- and individual users -- will be concerned about its future security.

The predictable solution will be a mass move to Unix systems, which are highly resistant to virus infections.

Once loaded, Flame can begin its spying and data collection/transmission tasks immediately, or it can reside as a sleeper agent to be activated on a Zero Day -- without warning to the user or system administrator. [For the technical details, go to the referenced Gizmodo article.]

You're Toast! (c) TNJ

Officially, we are told that not more than 1,000 computers have been infected, and
"... the immediate risk is not great" --

which is like your oncologist saying:
"the immediate risk of the cancer we found in your lymph nodes is not great.  Tomorrow, when it spreads from the lymph nodes to the rest of your body, then you should be concerned."

It only takes one computer on a network to be infected to infect the entire network.  Worse, outside computers interfacing with the infected network server will be infected as well, spreading the virus to unsuspecting users -- who, in turn, infect their company or government networks.

SEC regulator at work (c) OddNewsToday
Think in terms of the Securities and Exchange Commission [SEC] staff which seems to spend an inordinate amount of time on porn sites, which would likely be the first to be infected.  The linkage there is with all of Wall Street, and thus the entire US financial community, to include your friendly, neighborhood bank.

So, essentially, your SEC employee viewing his afternoon porn show can download the Flame virus onto his government computer and spread the virus nationwide, and perhaps globally. 

Once this virus is in your banking system, it can access your checking and savings accounts, as well as all the accounts in your electronic bill-payer system.

Generally speaking, we would presume that the US Government IT systems would be the most secure in the world.  But, in discussing the issue with those very familiar with federal IT programs, we learn that saying these systems and networks are secure is like saying a sieve will hold water.

IT -- you want me to show you "it"? (c) David Molner
During this Administration, the federal government has been converted into a nepotistic cesspool, with IT departments in particular being filled with incompetent simpletons and their pals who have no more understanding of IT systems than your family dog.

But they can hire consultants to do the basics, and keep from getting into too much trouble or crashing the department's systems entirely.

Although the government spends billions on equipment and software [Agriculture's IT budget is over a billion dollars, so there's no shortage of funding], the government IT shops are devoid of expertise.  At this point, the US federal IT system is much like the old, decrepit, wooden farmhouse that is held together by fresh coats of paint.  The incompetent IT employee pool figures it can probably last for up to a year after the Administration changes next January, after which, we can presume the entire system will implode.

Today, we're not certain who created the Flame virus. 

Rumor has it that it was a joint effort between the US and an Ally to attack Iran -- thus the Middle East target countries so far identified.

That's all well and good, except, we now have to deal with the Law of Unintended Consequences, which suggests that, with this virus in the hands of an Ally which has not always acted in the best interests of the US, who's to say the US government IT system won't be a Zero Day target -- after which we become the pawn of our Ally.