HELSINKI: The Flame malware has caused lasting damage to the security industry's anti-hacker efforts, with its ability to copy Microsoft's signature destroying companies' trust in Windows patches and updates, according to renowned security researcher Mikko Hypponen.
Microsoft was forced to update its security certificate platform in response to the discovery of the Flame malware attack in an effort to prevent the use of unsigned security certificates being presented to users as authentic and issued by the Redmond firm.
The F-Secure security chief said that as a result firms may now stop installing critical updates to their networks and computers from Microsoft, at the risk of making them easier targets for cyber criminals.
"The fact is Flame spoofs Microsoft updates. That means they [the creators of Flame] have the crown jewels", said Hypponen.
"Now people don't trust Microsoft updates and that means we're going backwards, which isn't a good thing. We had it where people were automatically updating their systems with the latest software, now they're wary again."
However, Hypponen pointed out that as Flame is an advanced malware designed for espionage, it is designed to attack a small set of targets, so firms should not be too hasty in stopping their updates.
"Our customers have never been hit by Flame, it goes after very specific targets. If normal cyber criminals are like muggers, Flame's like James Bond - it doesn't go after everyone, but it gets the people it wants to," he said.
Hypponen also echoed F-Secure chief executive Christian Fredrikson‘s sentiment that Flame was a wakeup call for the security industry.
"We can protect you against all the little attacks and we're always looking for new threats. We want to detect them all, but we failed," said Hypponen.
Flame was uncovered in early May and is believed to have been created by a nation state, most likely the US and Israel, to target Iranian government computer systems.
Hypponen added he thought it was highly likely an advanced nation state was behind the creation of the malware.
"Science like this doesn't come out of nowhere - we're talking guys with PhDs doing complex maths for a long time with massive resources like a super computer," he said.