The Flamer worm caused the main buzz for AV and security companies in late May 2012. It is kind of understandable – it is an espionage tool, and we do not see many targeted attacks that might be caused by governments. Everyone tried to cash in: some claimed that it is the most sophisticated, some claimed that it is the largest, others tried to guess its origins. The truth is, few people know the origin of the Flame trojan, but they will keep silent.
I think the Flame worm is a decent, targeted espionage tool, though surely not the most sophisticated or most dangerous. It is not something we should be scared of. Firstly, it went undetected for two main reasons: it was distributed in a country with limited AV availability. A lot of programs can’t be sold in Iran, and this fact was omitted in some reports to boost the danger level. Secondly, there were fewer than 2,000 infections worldwide. This is a very small number. For perspective, there are parasites that infect ten thousand PCs per day. This makes it easy for such malware to slip through and remain undetected until a detailed system audit. It did not require any complex tricks for distribution. It did not require size optimization and could be written in Lua.
The worst part of the story is that each company tries only to make buzz. Everyone detects Flame by now, though there is no good answer for how to stay protected from such malware in the future. Heck, much simpler scams are used: rogue applications like “Smart” data recovery, banker trojans, etc. Some rogues use a 2-year-old trick to disable regular antivirus. Why should we fear cyber espionage tools if we fail to update antiviruses and click on spam links?
To sum it up, one should be more wary of the daily scams that surround us each day on the web rather than “sophisticated” software that is no more complex than regular banking trojans or exploits. Flame will be forgotten soon (if no one admits its authorship). The trojans will remain an unsolved security problem.