The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Advertisement
Free Gartner Report:
Drive innovation & collaboration
with the "Everyone's IT" approach.

View the research report
Microsoft/Windows
Gartner's #1 for endpoint backup
Average Rating:
Rate this article:  
Flame Virus Leads Microsoft To Update Windows Update

Flame Virus Leads Microsoft To Update Windows Update
By Barry Levine

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

The anti-virus researchers who discovered Flame indicate that, in addition to getting into a network, Flame's "man-in-the-middle" attack was intended to help spread Flame from one computer to another in the same network. Apparently, Flame intercepted requests to Windows Update by uninfected computers, and then delivered its virus to those computers.
 



The Flame computer virus, apparently targeted at Iran, is now leading Microsoft to button up its security. This week, the Redmond, Wash.-based technology giant said it was increasing security on its Windows Update software, which apparently helped distribute the Flame virus.

Microsoft said that whoever built the Flame virus exploited a vulnerability in Update, so that it looked like a legitimate download to the receiving computer or computers.

'Cryptographic Collision Attack'

A week ago, security experts revealed the existence of the Flame virus, which they described as one of the most complex viruses ever found. It's not clear who created it, or for what purpose, but most experts believe it was targeted specifically at computers in Iran and possibly other Middle Eastern countries.

The virus' creator has been attributed, without confirmation, to either the United States or Israel, or both. According to experts, it probably infected no more than a few thousand computers.

On Microsoft's official corporate security response blog, called the Security Response Center, Senior Director Mike Reavey wrote on Tuesday that the "Flame malware used a cryptographic collision attack," in combination with unauthorized digital certificates, which made it appear "as if it came from Microsoft."

To increase protection for customers, he added, "the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution."

On Monday, Reavey had written that the company's analysis found "some components of the malware have been signed by certificates" that could exploit an older cryptography algorithm used by Microsoft's Terminal Server Licensing Service. This kind of exploitation is known as a "man-in-the-middle" attack, in that there is an "impersonation" of a download delivered through Microsoft Update.

'Most Sophisticated' Ever

In order to mitigate that risk, Reavey said the company was releasing a Security Advisory outlining ways that customers can block software signed by the unauthorized certificates. An update automatically takes that step for customers, and the Terminal Server Licensing Service is no longer issuing certificates that allow for code to be signed.

Reavey also noted that the now-corrected flaw could otherwise have been used by developers of less-sophisticated viruses.

The anti-virus researchers who discovered Flame indicate that, in addition to getting into a network, this man-in-the-middle attack was intended to help spread Flame from one computer to another in the same network. Apparently, Flame intercepted requests to Windows Update by uninfected computers, and then delivered its virus to those computers.

Even as Microsoft and security researchers are trying to nail shut the barn door, they are clearly in awe of the technical prowess that produced Flame. Security firm Kaspersky Labs, which helped discover Flame, has written on its SecureList blog that, as their investigation continues, they have discovered that "this is one of the most interesting and complex malicious programs we have ever seen."

In short, the Labs wrote, while the previous Stuxnet and Duqu super-virus weapons "raised the stakes," Flame is possibly "the most sophisticated cyber weapon yet released."
 

Tell Us What You Think
Comment:

Name:



UCS Invicta: Integrated Flash Why wait for the future? Unlock the potential of your applications and create new business opportunities today with UCS Invicta Series Solid State Systems. Take advantage of the power of flash technology. See how it can help accelerate IT, eliminate data center bottlenecks, and deliver the peak application performance and predictability your users demand. Click here to learn more.


 Microsoft/Windows
1.   Windows 9 Preview Date: Sept. 30?
2.   Price Wars Hitting Laptop Market?
3.   Office 365 Tailored for Attorneys
4.   Plan Your Move from Windows 7 Now
5.   Microsoft Patch Tuesday Stars IE


advertisement
China Puts Microsoft Under the Lens
Official anti-monopoly probe launched.
Average Rating:
Plan Your Move from Windows 7 Now
But don't rush to deploy Windows 8.
Average Rating:
Dynamics CRM Online Extends Reach
Now available in 17 more countries.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Find Malicious Android Apps Can Hack Gmail
A new study shows that a weakness in the Android mobile operating system can be used to steal sensitive, personal info from unwitting users. Gmail proved to be the easiest app to attack; Amazon, the hardest.
 
UPS Stores in 24 States Hit by Data Breach
Big Brown has been breached. UPS said that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
 
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 

Enterprise Hardware Spotlight
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Feds OK $2.3 Billion IBM-Lenovo x86 Server Deal
IBM and Lenovo are celebrating U.S. approval of their x86-based server deal, having cleared some major security hurdles. The deal makes Lenovo a major player for enterprise data centers.
 
Three New Lenovo PCs Aimed at Business Users
With businesses wanting computing solutions that do more for less money, Lenovo has unveiled three new desktop PCs that it says offer solid computing at a budget-minded price.
 

Mobile Technology Spotlight
Screen Shortage Briefly Puts Brakes on iPhone 6
RAM? Check. Antenna switch? Check. Screen? Oops. Parts suppliers for Apple have found themselves facing a shortage of screens for the new iPhone 6 as next month's release date for the new smartphone looms.
 
Bounty Offered to Coders for Oculus Rift Bugs
Coders who find bugs in software for the Oculus Rift VR immersive headset could receive a reward of at least $500 under Facebook's White Hat bounty program. Facebook acquired Oculus in March.
 
Google Glass Adds Voice Access to Phone Contacts
The latest update to Google Glass will let users access their top 20 phone contacts with voice commands alone. A user can then choose a phone call, Google hangouts, e-mail or text messaging.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.