Some media outlets say Flame is Stuxnet or Duqu, but for espionage use -- as if it were the first time malware had been used by a nation to spy on its citizens or on the citizens of other countries. But that isn't even close, nor were Stuxnet or Duqu, for that matter.
Many countries and their spy agencies have long had remote-control malware programs. Germany and France have been in the press on that score for years, but you must assume that every capable nation does it and has been doing it for a long time. I can remember public advertisements by the U.S. government for bids to build industrial/cyber warfare malware programs two decades ago. I have friends who've worked on such covert projects. It's nothing new.
If there is a central headline to be made, it's that one of the many general malware programs made by a nation or spying agency (likely originating in the United States because of the identified program strings) has been caught and identified in the wild. There are lots of these spying programs in the world, but it's a testament to how bad and bloated the malware code is that it has gained all this attention. It's been incredibly documented and all the antimalware companies now detect it. Certainly the people that paid for the program can't be happy. They should ask for a refund.
I just can't get worked up over Flame. It's a failure at every level.
This story, "Why I can't get inflamed over Flame," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.