The recently discovered virus known as Flame has revived the fears sparked by the now-infamous Stuxnet virus uncovered in 2010. Despite all the hoopla, however, the effects of the two viruses may end up being very different.
Some comparisons between the two “super viruses” are undoubtedly appropriate: Both seemed to be aimed at Iran and its neighbors; both had the fingerprints of Western governments; both could be spread to computers by removable devices; and both caught the media’s attention in a huge way.
For the average computer user, Flame, like Stuxnet, will likely mean little. Iran said it has developed a way to block the virus and now American antivirus companies like Sophos and McAfee say their products protect against Flame, which researchers have found on only about 1,000 computers.
“At its simplest level, Flame isn't doing anything different from the vast majority of other malware we see on a typical day,” Sophos’s Graham Cluley wrote in a blog post.
Still, by virtue of its apparent target in Iran; its potential links to governments; and its hold on the headlines, Flame will play a role in the policy debate over how to better secure the Internet and computer networks.
The Kaspersky Lab researchers who helped discover Flame have called it the the "most sophisticated cyber weapon yet unleashed." Already, backers of Senate cybersecurity legislation have pointed to Flame as just the latest example of the need for increased protections.
There's always the chance that Flame's framework could have been used to sabatoge industry or government computers. But at this point there seems to be little to indicate that Flame is some kind of Stuxnet on steroids, especially in the political sense.
Stuxnet rocked the cybersecurity world for one very basic reason: The damage it did to Iranian nuclear facilities was the first relatively concrete example of a computer attack causing physical damage.
To this day, proponents of stricter cybersecurity legislation struggle to make their case because there are few widely accepted examples where cyberattacks have caused any catastrophic physical damage. Stuxnet gave a glimpse of the potential.
At this point, researchers say Flame (and all its various components that go by a variety of names) was a sophisticated espionage program. It collected passwords, took screen shots, recorded sounds, stole all kinds of information, and opened backdoors in security systems.
To many people, Stuxnet highlighted the potential for real, physical damage from cyberattacks. Governments, organizations, and individuals, however, have been spying on each other online for years.
If Stuxnet was a cyberwarrior, Flame is a cyberspy. From a technical standpoint, Flame may be unprecedentedly sophisticated, far-reaching, and even state-sponsored, but at this point cyberspies are not a game-changer.