This week the cyber warfare stakes in the Middle East were raised a few notches when a Kaspersky Lab (Link) anti-virus expert discovered the Flame virus, which many have dubbed the most advanced and sophisticated cyber weapon ever unleashed. The Flame espionage worm, a previously unknown piece of malware was at the heart of a campaign to delete classified information from computers throughout the Middle East.
Duqu and Stuxnet until now were thought to be the most advanced pieces of malware, but Flame seems to have gone much further. It redefines the term cyber warfare and espionage. Flame is a huge and complex worm that does everything that a James Bond type agent would do. It eavesdrops on conversations over the microphone, snaps photos at will, analyzes and adjusts network traffic. All without the users knowledge. It contains extensive libraries such as database manipulation and compression coupled with the powerful Lua scripting language that when fully deployed uses up about 20MB.
Just the Lua part contains 3,000 lines of code, a small fraction of Flame’s overall code and would take the average programmer a month to write and debug. Authors of malware and viruses utilize vulnerabilities, exploits and buffer-overflow techniques to effectively attack applications. They have been using such techniques for a long time.
Checkmarx’s founder and CTO, Maty Siman says that the damage that Flame has caused due to Windows’ OS vulnerabilities underscores the reason why he founded Checkmarx. “Many of these attacks can be defended against and prevented by conducting comprehensive security application screening to detect the application’s vulnerabilities” he says. “Just going through similar amounts of code to detect these vulnerabilities would take months on large applications” he adds. Attacks that make use of a buffer overflow error for example, which is what appears to be the case with Flame, overrun the boundary of memory allocated to a specific purpose, and overwrite adjacent memory, which in this instance is estimated to have caused the security breach. Checkmarx’ solution easily identifies and alerts application developers of such buffer overflow issues and advises what necessary changes have to be made to eliminate the vulnerability.