Flame mimics Microsoft’s Windows Update Mechanism

A sophisticated cyber-espionage malware targeting Windows computers in the Middle East was discovered on May 27. Flame (aka Skywiper) has been spreading for years, but thanks to the excellent collaboration of various CERT and research teams and private entities such as antivirus vendors, which worked together to restrict the malware from spreading further and to reduce its threat, it is now believed that the vast majority of customers are not at risk. Flame is known to be a complex piece of malware, used for information gathering and espionage. The attackers exploited an old cryptography algorithm used by Microsoft’s Terminal Licensing Services, which allowed them to sign binary code. As a result, the malware was signed with certificates that appear to have been produced by Microsoft.

Read Kaspersky Labs' analysis of the Command-and-Control infrastructure of Flame here: http://www.securelist.com/en/blog?weblogid=208193540
