
AntiVirus Firms Out of their League with Stuxnet, Flame

Hugh Pickens writes (1984118) writes | more than 2 years ago

Security 2

Hugh Pickens writes writes "Mikko Hypponen, Chief Research Officer of software security company F-Secure, writes that when his company heard about Flame, they went digging through their archive for related samples of malware and were surprised to find that they already had samples of Flame, dating back to 2010 and 2011, that they were unaware they possessed. "What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general." Why weren't Flame, Stuxnet, and Duqu detected earlier? The answer isn't encouraging for the future of cyberwar. All three were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered and the fact that the malware evaded detection proves how well the attackers did their job. In the case of Stuxnet and Duqu, they used digitally signed components to make their malware appear to be trustworthy applications and instead of trying to protect their code with custom packers and obfuscation engines — which might have drawn suspicion to them — they hid in plain sight. In the case of Flame, the attackers used SQLite, SSH, SSL and LUA libraries that made the code look more like a business database system than a piece of malware. "The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets," writes Hypponen adding that it’s highly likely there are other similar attacks already underway that we haven’t detected yet because simply put, attacks like these work. "Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.""


It doesn't have to take the resource of a nation (1)

Taco Cowboy (5327) | more than 2 years ago | (#40204855)

In the case of Flame, the attackers used SQLite, SSH, SSL and LUA libraries that made the code look more like a business database system than a piece of malware


"The truth is, consumer-grade antivirus products can't protect against targeted malware created by well-resourced nation-states with bulging budgets,"

SQLite, SSH, SSL and LUA libraries are readily available to any and all competent programmers

And it does NOT have to take the resources of a nation to write malware or a virus such as "Flame" or "Stuxnet"

All it needs is knowledge, determination, and lots of hard work

First sentence is a 'no duh'. (0)

Anonymous Coward | more than 2 years ago | (#40205359)

"The failure to detect Flame means simplistic signature-based detection is obsolete."

This has been known for a long time but it took an international incident for it to sink in.
