Flame Virus Leads Microsoft To Update Windows Update
By Barry Levine / Enterprise Security Today
Published: June 05, 2012

The Flame computer virus, apparently targeted at Iran, is now leading Microsoft to button up its security. This week, the Redmond, Wash.-based technology giant said it was increasing security on its Windows Update software, which apparently helped distribute the Flame virus.

Microsoft said that whoever built the Flame virus exploited a vulnerability in Update, so that it looked like a legitimate download to the receiving computer or computers.

'Cryptographic Collision Attack'

A week ago, security experts revealed the existence of the Flame virus, which they described as one of the most complex viruses ever found. It's not clear who created it, or for what purpose, but most experts believe it was targeted specifically at computers in Iran and possibly other Middle Eastern countries.

Creation of the virus has been attributed, without confirmation, to the United States, Israel, or both. According to experts, it probably infected no more than a few thousand computers.

On Microsoft's official corporate security response blog, called the Security Response Center, Senior Director Mike Reavey wrote on Tuesday that the "Flame malware used a cryptographic collision attack," in combination with unauthorized digital certificates, which made it appear "as if it came from Microsoft."

To increase protection for customers, he added, "the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution."

On Monday, Reavey had written that the company's analysis found "some components of the malware have been signed by certificates" that could exploit an older cryptography algorithm used by Microsoft's Terminal Server Licensing Service. This kind of exploitation is known as a "man-in-the-middle" attack, in that there is an "impersonation" of a download delivered through Microsoft Update.

'Most Sophisticated' Ever

In order to mitigate that risk, Reavey said the company was releasing a Security Advisory outlining ways that customers can block software signed by the unauthorized certificates. An update automatically takes that step for customers, and the Terminal Server Licensing Service is no longer issuing certificates that allow for code to be signed.

Reavey also noted that the now-corrected flaw could otherwise have been used by developers of less-sophisticated viruses.

The anti-virus researchers who discovered Flame indicate that, in addition to getting into a network, this man-in-the-middle attack was intended to help spread Flame from one computer to another in the same network. Apparently, Flame intercepted requests to Windows Update by uninfected computers, and then delivered its virus to those computers.

Even as Microsoft and security researchers are trying to nail shut the barn door, they are clearly in awe of the technical prowess that produced Flame. Security firm Kaspersky Labs, which helped discover Flame, has written on its SecureList blog that, as their investigation continues, they have discovered that "this is one of the most interesting and complex malicious programs we have ever seen."

In short, the Labs wrote, while the previous Stuxnet and Duqu super-virus weapons "raised the stakes," Flame is possibly "the most sophisticated cyber weapon yet released."

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.