Guest post: The Flame Virus

No Comments

In this post CIRA’s Director of Information Technology, Jacques Latour discusses the Flame Virus and what Canadians can do to protect themselves:

The media has been on fire this week with the news of a ‘new’ and very serious piece of malware, the so-called Flame Virus. While there is a lot of information out there about this virus, I have noticed that much of it is not entirely accurate. Here’s what we know:

-  The virus is complex. Very complex in fact, and that’s the reason it has piqued the attention of people like me. It is clear that as it exists today, it is not active to the full extent it is capable of. The Flame Virus is certainly one of the most sophisticated viruses we have ever seen.

- At this time, there is no anti-virus product that can identify and delete the virus from a computer. That said, there are many very smart people working on this right now, and I know that the ‘fix’ will be out soon.

- The Flame Virus is currently not spreading via the Internet. But because of its complexity, it most definitely has the capability to do so should the creators of the virus decide to make this tactical shift. Currently it is spreading via USB memory sticks and on local area networks, or LANs.

- Actual infection rate is very, very low – estimated to be at about 1,000 computers around the world. The virus is also incredibly targeted, targeting mostly computers in the Middle East (and in particular Iran). Canadians are currently at minimal risk for this virus.

For a good, thorough explanation of the virus, Kaspersky, a Russian Internet security firm, has released an information resource available here.

So while the vast majority of Canadians are currently at no risk for this virus, there are a few things we should all be doing to protect ourselves from malware generally:

- Make sure your operating system and anti-virus programs are up-to-date. This means updating your software when updates are available and restarting your computer regularly. Updates are the key to stopping viruses and keeping Canadians safe online.

- Check your anti-virus providers’ website regularly. While the fix for the Flame Virus will likely be available in the next few weeks, it may not be available as an update to your regular anti-virus program. It might be distributed be a separate tool, and you may have to access it independently of your regular anti-virus program. The solution may also vary from vendor to vendor, so it’s best to check their website for specific info on the virus.

- Avoid becoming a victim of ‘click-through syndrome’. Very often, new programs require elevated privileges on a computer, and a pop-up will ask you to grant these privileges. Many people have become accustomed to automatically clicking ‘okay’ when met with this request – thus becoming a victim of ‘click-through syndrome’. Many viruses require these elevated privileges to be fully operational, so before you click ‘okay’, make sure you know, and trust, the provider of the program.

- Only download antivirus products directly from the vendor’s website, and avoid third party distributors.

- One of the ways that the Flame Virus is spreading is via infected USB memory sticks. It is always good practice to only use USB memory sticks from a source that you trust.

We developed a great tip sheet to help Canadians stay safe online with Media Smarts (formerly the Media Awareness Network), available here (.PDF). The Canadian government’s site getcybersafe.ca site is also a great source of information.

We all have a responsibility to keeping the Internet a safe and secure place for all Canadians. Please do your part.

Share on Tumblr