Flame Burns Right Through Windows Application Security

May 30, 2012 By Administrator

This week the cyber warfare stakes in the Middle East were raised a few notches when a Kaspersky Lab anti-virus expert discovered the Flame virus, which many have dubbed the most advanced and sophisticated cyber weapon ever unleashed. The Flame espionage worm, a previously unknown piece of malware, was at the heart of a campaign to delete classified information from computers throughout the Middle East.

Until now, Duqu and Stuxnet were thought to be the most advanced pieces of malware, but Flame seems to have gone much further. It redefines the terms cyber warfare and espionage. Flame is a huge and complex worm that does everything a James Bond-type agent would do: it eavesdrops on conversations over the microphone, snaps photos at will, and analyzes and adjusts network traffic, all without the user’s knowledge. It contains extensive libraries, such as database manipulation and compression, coupled with the powerful Lua scripting language, and when fully deployed uses up about 20MB.

The Lua part alone contains 3,000 lines of code, a small fraction of Flame’s overall code, and would take the average programmer a month to write and debug. Authors of malware and viruses use vulnerabilities, exploits and buffer-overflow techniques to attack applications, and they have been doing so for a long time.

Checkmarx’s founder and CTO, Maty Siman, says that the damage that Flame has caused due to Windows’ OS vulnerabilities underscores the reason why he founded Checkmarx. “Many of these attacks can be defended against and prevented by conducting comprehensive security application screening to detect the application’s vulnerabilities,” he says. “Just going through similar amounts of code to detect these vulnerabilities would take months on large applications,” he adds. Attacks that make use of a buffer overflow error, for example, which is what appears to be the case with Flame, overrun the boundary of memory allocated to a specific purpose and overwrite adjacent memory, which in this instance is estimated to have caused the security breach. Checkmarx’s solution easily identifies such buffer overflow issues, alerts application developers to them, and advises what changes have to be made to eliminate the vulnerability.
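The overrun described above, as an added C example (not code from Flame, Checkmarx or the original post): a constructed record keeps a name field and a flag in adjacent bytes of one array, and an unchecked copy is compared with a bounds-checked one. All names and the layout are hypothetical; both fields are modelled inside one array so the spill into the adjacent field stays well defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: one 9-byte arena holding two fields back to back.
   Modelling both fields inside one array keeps the overrun well defined. */
enum { NAME_OFF = 0, NAME_LEN = 8, FLAG_OFF = 8, ARENA_LEN = 9 };

struct record { unsigned char mem[ARENA_LEN]; };

static int is_admin(const struct record *r) { return r->mem[FLAG_OFF] != 0; }

/* Flawed pattern: the copy length comes from the input, not from the field. */
static void set_name_unchecked(struct record *r, const unsigned char *src, size_t n)
{
    if (n > ARENA_LEN) n = ARENA_LEN;   /* demo guard only: stay inside the arena */
    memcpy(r->mem + NAME_OFF, src, n);  /* n == 9 spills one byte into the flag */
}

/* Corrected pattern: refuse anything larger than the destination field. */
static int set_name_checked(struct record *r, const unsigned char *src, size_t n)
{
    if (n > NAME_LEN) return -1;
    memcpy(r->mem + NAME_OFF, src, n);
    return 0;
}

/* Constructed input: 8 name bytes followed by one extra non-zero byte. */
static const unsigned char OVERSIZED[9] = {'A','A','A','A','A','A','A','A',1};

/* Flag value after the unchecked copy (1: adjacent field overwritten). */
int flag_after_unchecked(void)
{
    struct record r = {{0}};
    set_name_unchecked(&r, OVERSIZED, sizeof OVERSIZED);
    return is_admin(&r);
}

/* Flag value after the checked copy (0: input rejected, flag intact). */
int flag_after_checked(void)
{
    struct record r = {{0}};
    int rc = set_name_checked(&r, OVERSIZED, sizeof OVERSIZED);
    return rc == -1 ? is_admin(&r) : -2;
}

int main(void)
{
    printf("unchecked copy -> flag=%d\n", flag_after_unchecked());
    printf("checked copy   -> flag=%d\n", flag_after_checked());
    return 0;
}
```

The length check against the destination field, not the source, is the line a reviewer or static analyzer looks for at every copy site.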
