Flame Virus.
05-06-2012 4:58 PM
Now don't be losing any sleep over this but,
The infamous Flame virus can infect even secure PCs by tricking them into believing its malicious payload is actually an update from Microsoft.
As we already know, Flame has gained traction by tapping into security certificates for Microsoft's Terminal Server. Though they appear to be digitally signed by Microsoft, the certificates are actually cooked up by the people behind Flame, thereby tricking PCs into accepting them as legitimate.
Microsoft and Symantec revealed yesterday that the virus can up the ante by using the fake certificates to spoof Microsoft's own Windows Update service. As such, Windows PCs could receive an update that claims to be from Microsoft but is in fact a launcher for the malware.
Symantec described the method behind Flame's madness: The virus, also known as Flamer, uses three applications to infect PCs -- Snack, Munch, and Gadget. Collectively, this trio can trick PCs into redirecting Internet traffic to an infected computer with a fake Web server. Once infected, a PC thinks the file that loads Flame is actually a Windows Update from Microsoft.
And as Symantec explained in its blog, spoofing Windows Update is not a trivial matter.
Hijacking Windows Update is not trivial because updates must be signed by Microsoft. However, Flamer bypasses this restriction by using a certificate that chains to the Microsoft Root Authority and improperly allows code signing. So when a Windows Update request is received, the GADGET module through MUNCH provides a binary signed by a certificate that appears to belong to Microsoft.
The unsuspecting PC then downloads and executes the binary file, believing it to be a legitimate Windows Update file, Symantec added. The binary is not the Flame virus itself but a loader for Flame.
Microsoft also confirmed the risk to Windows Update, explaining that the vulnerability could be used to attack customers who weren't the focus of the original Flame virus.
We are born into history and history is born into us.
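An added example, not part of the original post: a simplified Python model (no real X.509 parsing) of why a signer that chains to a trusted root and allows code signing can still be the wrong signer for an update, and how an explicit distrust list or a pinned issuing CA rejects it. All certificate names, thumbprints and the `check_update_signer` function are constructed for illustration.

```python
from dataclasses import dataclass

CODE_SIGNING = "code_signing"   # stands in for the code-signing EKU

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    thumbprint: str                 # constructed placeholder, not a real hash
    eku: frozenset = frozenset()    # empty = no EKU restriction

def check_update_signer(chain, trusted_roots, pinned_cas=None, disallowed=()):
    """chain is leaf-first. Returns a list of findings; empty means accept."""
    if len(chain) < 2:
        return ["chain too short"]
    findings = []
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            findings.append(f"{child.subject}: not issued by {parent.subject}")
    if chain[-1].thumbprint not in trusted_roots:
        findings.append("chain does not end at a trusted root")
    # EKU must allow code signing on the leaf and on any CA that sets an EKU.
    if CODE_SIGNING not in chain[0].eku:
        findings.append("leaf does not allow code signing")
    for ca in chain[1:]:
        if ca.eku and CODE_SIGNING not in ca.eku:
            findings.append(f"{ca.subject}: CA not scoped for code signing")
    # Hardening 1: explicit distrust list, checked for every certificate.
    for cert in chain:
        if cert.thumbprint in disallowed:
            findings.append(f"{cert.subject}: certificate is explicitly distrusted")
    # Hardening 2: only CAs designated for update signing may issue the leaf.
    if pinned_cas is not None and chain[1].thumbprint not in pinned_cas:
        findings.append(f"{chain[1].subject}: not a pinned update-signing CA")
    return findings

# Constructed sample chains (all names and thumbprints are made up).
ROOT = Cert("Example Root", "Example Root", "T-ROOT")
UPDATE_CA = Cert("Example Update CA", "Example Root", "T-UPD", frozenset({CODE_SIGNING}))
LICENSING_CA = Cert("Example Licensing CA", "Example Root", "T-LIC")  # no EKU limit
GOOD = [Cert("Example Update Signer", "Example Update CA", "T-GOOD",
             frozenset({CODE_SIGNING})), UPDATE_CA, ROOT]
ROGUE = [Cert("Example Vendor", "Example Licensing CA", "T-ROGUE",
              frozenset({CODE_SIGNING})), LICENSING_CA, ROOT]

if __name__ == "__main__":
    roots = {"T-ROOT"}
    print("root + EKU only:", check_update_signer(ROGUE, roots))
    print("with pin:       ", check_update_signer(ROGUE, roots, pinned_cas={"T-UPD"}))
    print("with distrust:  ", check_update_signer(ROGUE, roots, disallowed={"T-LIC"}))
    print("genuine chain:  ", check_update_signer(GOOD, roots, {"T-UPD"}, {"T-LIC"}))
```

With only the root and EKU checks the constructed rogue chain produces no findings; either hardening step rejects it while the genuine chain still passes.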
Re: Flame Virus.
05-06-2012 8:41 PM
Presumably addressed by this update http://support.microsoft.com/kb/2718704 that my computer installed yesterday.
Re: Flame Virus.
08-06-2012 9:55 AM
Flame commits suicide ... http://www.theregister.co.uk/2012/06/07/flame_suicide_command/
Now Zen, but a +Net residue.