Getting spyware onto a computer is a trick in itself, and it seems that it would take a little bit of credulity and participation on the part of the victim. Maybe the victim was tempted to download some free, useful software. Or there's the trick of sprinkling infected USB flash drives in the parking lot of a target building and waiting for some curious employee to find one and insert it into a computer.
In any event, the latest cyberspy-craft we've learned about is Flame, which was exposed by Kaspersky.ru. Excerpt:
It allows you to steal sensitive information, including the information output to the monitor, information about systems-installations, files stored on your computer, contact information of users and even audio recordings of conversations.
An independent study was initiated on the initiative of ITU and Kaspersky Lab, following a series of incidents involving another, as yet unknown, piece of malware, code-named Wiper, which has destroyed data on computers in countries of Western Asia. This malware is yet to be found; however, during the analysis of the incidents, Kaspersky Lab specialists, in cooperation with the International Telecommunication Union (ITU), have identified a new type of malware, now known as the Flame. According to the preliminary results, this malware has been actively used for more than two years, from March 2010 onwards. Due to its complexity and focus on specific goals, to date it cannot be detected by any protective product.
It was found in Iran, according to Cnet.com, so one hopes the good guys built it and that any info coming out of it would help the right side. It would also seem to take a rather large computer network to filter and decipher all the raw data that gets collected. Otherwise some poor saps would have the dull job of listening to all the recordings, watching all the videos, and reading all the documents that got captured and transmitted via Flame.
One more interesting item from the Kaspersky article. This line:
However, it is already clear that the Flame may be distributed over a network in several ways, including through the use of the same vulnerability in print spooler service and the same method of infection via the USB device that uses the Stuxnet worm.
Bold added. It seems to confirm that the Stuxnet virus got on board via USB drives that found their way to the hands of the curious.
It's still a mystery as to who initiated Flame. Was it the U.S.? As Andrew Malcolm points out, the Obama campaign has willingly disclosed all sorts of information that should otherwise have been held close to the vest. Silence from the White House suggests there's no credit to be claimed.
What worries this blogger is whether each of our personal and business computers might be infected with some sophisticated virus, undetectable by typical anti-virus programs, just sitting there waiting for a signal from a criminal mastermind or the military of some non-friendly country. If it's just some spy watching all the videos we see on YouTube or reading all the chain letters that circulate through email, then that's one thing. But if it's a program that could turn an infected computer into a beacon for killer drones, then that could be problematic.