Security researchers: Flame malware is a “nightmare scenario”

While security experts are still getting to the bottom of Flame’s true capabilities, recent findings suggest the malware is one of the most perplexing and complicated programs of its kind.

Flame is the name given to a particularly formidable bit of malware that devastated computers across the Middle East. Made public last week, the software has been called one of the most sophisticated bits of malignant software in memory.

Much of this has to do with Flame’s ability to pass itself off as approved by Microsoft’s certificate approval system. This, in turn, allowed the software to infiltrate even the most well-updated and patched systems.

Mikko Hypponen, Chief Research Officer at security research firm F-Secure, calls the whole situation a “nightmare scenario” for Microsoft, whose Update service he calls one of the net’s weak points.

“Having a Microsoft code signing certificate is the Holy Grail of malware writers. This has now happened,” Hypponen wrote in a blog post.

Elsewhere, Kaspersky researcher Alexander Gostev called Flame “one of the most interesting and complex malicious programs we have ever seen,” which, all told, is actually pretty worrisome coming from a security expert.

But what’s really remarkable about Flame is that researchers have had their hands on it for years, albeit unknowingly and in pieces.

In a recent post on Ars Technica, Hypponen says that researchers had been detecting portions of Flame since at least 2010, but ultimately failed to comprehend the threat’s full scope.

“What this means is that all of us had missed detecting this malware for two years, or more,” Hypponen writes. “That’s a spectacular failure for our company, and for the antivirus industry in general.”

That’s a surprisingly frank admission from a security expert, but it goes to show just how complicated efforts like Flame and Stuxnet are in relation to more commonplace malware threats. They’ve been there all along and yet no one knew about them.

Which essentially means that there’s a good chance that there are efforts similar to Flame that have yet to be uncovered.

Nightmare scenario? You bet.
