Kaspersky threat director praises collaboration between researchers

News by Dan Raywood

Collaboration between researchers is essential to reverse engineering sophisticated malware.


Speaking to SC Magazine, Costin Raiu, senior security researcher at Kaspersky Lab, said that because threats such as Flame, Gauss and Red October are so large, well encrypted and intelligently coded, a combination of skills is needed to produce a thorough analysis of them.

Raiu said: “We said that it would take ‘ten years to truly understand the Flame code’ and people laughed at us, but this was how we put the message out. When we asked for collaboration in understanding Duqu, we got hundreds, if not thousands of replies, and two-thirds of the people helped us solve the mystery.

“There are researchers out there who are amazing and when we announced Red October last week, Seculert CTO Aviv Raff discovered a fourth vector of attack and HD Moore, CTO of Rapid7 and Metasploit project inventor, did a scan of the internet and found a new command and control server (C&C).

“This collaboration shows that people with good skills do help analyse malware threats that are way too complex for one company to analyse.”

Raiu said that a threat such as Flame is so big and complex that parts of it remain a mystery: fragments of its code are still unstudied and their purpose is unknown. “There could be more than 20 Flame variants in the wild and the version number is only exchanged in the handshake, but we have seen less than half of them,” he said.

“Also with Gauss, there are two unknown components, and we are talking about not being able to crack them. They are testing the limits of reverse engineering and analysis and the IT security industry. We have a regular resource with the best tools, minds and time.”
