
Move over STUXNET & DUQU...FLAME is here!

Started by Ellirium113, June 01, 2012, 03:24:56 AM


Ellirium113

Quote: Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar 'super-weapons' currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It's big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.

For the full low-down on this advanced threat, read on...


http://www.securelist.com/en/blog?weblogid=208193522#

Well, if Microsoft could only offer a work-around at best for DUQU, I guess this one also will be here to stay for a while.  :(

Amaterasu

Oh...Joy.

Bet I will get it if I don't have it now.  Seems My 'puter has a very weak immune system.
"If the universe is made of mostly Dark Energy...can We use it to run Our cars?"

"If You want peace, take the profit out of war."

Ellirium113

Oh, the news just keeps getting better though...

Flame Malware Spreading Itself Via Bogus Windows Updates



Quote: One of the ways Flame uses the certificates to spread itself is through false Windows updates, according to Alex Gostev, chief malware expert at Kaspersky Lab.

Quote: After discovering the certificate problem, Microsoft acted quickly to address it. On Sunday, it issued a security advisory and a patch revoking the compromised certificates.

http://www.pcworld.com/article/256862/flame_malware_spreading_itself_via_bogus_windows_updates.html

Ironically this came in the form of a Windows update.  :P

Microsoft releases Security Advisory 2718704


Quote: We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

We are taking several steps to remove this risk:

• First, today we released a Security Advisory outlining steps our customers can take to block software signed by these unauthorized certificates.
• Second, we released an update that automatically takes this step for our customers.
• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.

Let's hope the Flame update doesn't have the same name as the Windows update to remove it.  :-X

http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx