Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
Data Security
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Flame Virus Leads Microsoft To Update Windows Update
Flame Virus Leads Microsoft To Update Windows Update

By Barry Levine
June 5, 2012 1:53PM

Bookmark and Share
The anti-virus researchers who discovered Flame indicate that, in addition to getting into a network, Flame's "man-in-the-middle" attack was intended to help spread Flame from one computer to another in the same network. Apparently, Flame intercepted requests to Windows Update by uninfected computers, and then delivered its virus to those computers.
 


The Flame computer virus, apparently targeted at Iran, is now leading Microsoft to button up its security. This week, the Redmond, Wash.-based technology giant said it was increasing security on its Windows Update software, which apparently helped distribute the Flame virus.

Microsoft said that whoever built the Flame virus exploited a vulnerability in Update, so that it looked like a legitimate download to the receiving computer or computers.

'Cryptographic Collision Attack'

A week ago, security experts revealed the existence of the Flame virus, which they described as one of the most complex viruses ever found. It's not clear who created it, or for what purpose, but most experts believe it was targeted specifically at computers in Iran and possibly other Middle Eastern countries.

The virus' creator has been attributed, without confirmation, to either the United States or Israel, or both. According to experts, it probably infected no more than a few thousand computers.

On Microsoft's official corporate security response blog, called the Security Response Center, Senior Director Mike Reavey wrote on Tuesday that the "Flame malware used a cryptographic collision attack," in combination with unauthorized digital certificates, which made it appear "as if it came from Microsoft."

To increase protection for customers, he added, "the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution."

On Monday, Reavey had written that the company's analysis found "some components of the malware have been signed by certificates" that could exploit an older cryptography algorithm used by Microsoft's Terminal Server Licensing Service. This kind of exploitation is known as a "man-in-the-middle" attack, in that there is an "impersonation" of a download delivered through Microsoft Update.

'Most Sophisticated' Ever

In order to mitigate that risk, Reavey said the company was releasing a Security Advisory outlining ways that customers can block software signed by the unauthorized certificates. An update automatically takes that step for customers, and the Terminal Server Licensing Service is no longer issuing certificates that allow for code to be signed.

Reavey also noted that the now-corrected flaw could otherwise have been used by developers of less-sophisticated viruses.

The anti-virus researchers who discovered Flame indicate that, in addition to getting into a network, this man-in-the-middle attack was intended to help spread Flame from one computer to another in the same network. Apparently, Flame intercepted requests to Windows Update by uninfected computers, and then delivered its virus to those computers.

Even as Microsoft and security researchers are trying to nail shut the barn door, they are clearly in awe of the technical prowess that produced Flame. Security firm Kaspersky Labs, which helped discover Flame, has written on its SecureList blog that, as their investigation continues, they have discovered that "this is one of the most interesting and complex malicious programs we have ever seen."

In short, the Labs wrote, while the previous Stuxnet and Duqu super-virus weapons "raised the stakes," Flame is possibly "the most sophisticated cyber weapon yet released."
 

Tell Us What You Think
Comment:

Name:



Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.


 Data Security
1.   Tor Working To Fix Security Exploit
2.   Hackers Breached StubHub Accounts
3.   Juniper DDoS for High-IQ Networks
4.   Google Hacker Team to Hunt Bugs
5.   Cloud Firms Offer Azure Starter Kit


advertisement
Tor Working To Fix Security Exploit
Bug reportedly reveals ID of users
Average Rating:
Gartner Rates IT Security Companies
IBM, HP, McAfee, Splunk ranked well.
Average Rating:
Hackers Target Western Energy Firms
Appears to be state-sponsored group.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.