The highly sophisticated technology behind computer viruses like Flame and Stuxnet will eventually be used by cyber-criminals to target all computer users.

Cyber Warfare

The last few months have seen the discovery of some hugely complex and highly sophisticated cyber espionage tools, such as Flame and Gauss. These were nation-state sponsored computer viruses, targeting high-level infrastructure and banking systems, but the technology behind them will soon be used by cyber criminals to attack you and me.

Finnish-based security firm F-Secure has published its latest Threat Report, covering the first half of 2012, which says we are now seeing the "very first step of a new arms race: the cyber arms race."

"We haven't seen real online warfare yet, of course, because we haven't seen wars between technically advanced nations lately. But any future crisis is likely to have a cyber-component as well," Mikko Hypponen, chief research officer at F-Secure, said in the report.

While computer viruses like Stuxnet, Flame and Gauss have had little impact on the vast majority of computer users around the world, it is the high-end research which has gone into creating them which could prove very dangerous in the near future.

Sean Sullivan, a security researcher at F-Secure, spoke to IBTimes UK following the publication of the report and said the discovery of these cyber espionage tools has led a lot of people to ask: "How does it affect you?"

Sullivan believes that the high-end vulnerability research which has been carried out to create the likes of Flame and Gauss will eventually trickle down to the cyber criminals who target you and me, and let them "create more potent attacks."

Considering that Flame had the ability to connect to any paired mobile phone near an infected machine and steal the address book from the phone, it is clear that these potential new pieces of malware could be very powerful indeed.


One of the most pervasive trends F-Secure saw in the computer threat landscape in the first half of 2012 was the expanding usage of vulnerability exploitation for malware distribution, which is tied to the recent improvement in exploit kits.

Exploit kits are toolkits that allow malware operators to automatically create exploit code. The most common way users come across exploit kits is on malicious or compromised legitimate websites, where they silently probe and exploit any vulnerabilities present on a site visitor's machine.

The development of more sophisticated exploit kits based on the technology used in the Flame and Stuxnet viruses could lead to trouble for all computer users. And it is already happening, according to Sullivan.

Engineers who create malware for criminal organisations will already be working on turning this new research into a sellable product. "Some of the high-end kit developers will be drawn to this," Sullivan says.

Once developed, the kits can be sold to numerous criminal gangs and tweaked to carry out specific attacks, depending on which company or individual the gang is targeting. Sullivan believes the creation of high-end viruses like Stuxnet essentially "provides a roadmap" for these developers of what to do next.

Defending against military-strength malware

In the F-Secure report, Hypponen says: "Defending against military-strength malware is a real challenge for the computer security industry." Considering that the same technology is likely to soon be in the hands of criminals who target everyday PC users, it could suggest that security companies will find it equally difficult to protect against these attacks.

However, as Sullivan pointed out, the delivery method - the way in which the virus initially infects a system - of Flame and Stuxnet is still not entirely clear, and this could present a stumbling block for the criminals.

It is believed that the Stuxnet virus, which targeted the Natanz nuclear facility in Iran, was physically introduced to the facility's computer system by a person acting on behalf of the virus' creators, who are believed to be the US and Israeli governments.

Therefore, if and when the criminal gangs do manage to commoditise this new technology, they will still require a human influence in order to get the malware onto a system initially. This will mean bribing or paying off a company employee in order to get the new exploit kits onto internal systems.

When asked what security companies can do to protect their customers against attacks using these sophisticated exploits, Sullivan says F-Secure's 2013 product will include "brand new behavioural detection", which should help protect customers.