Flame or Flamer, an admittedly sophisticated piece of malware, appears to have more tricks up its sleeve than security researchers had initially believed. Security firm Kaspersky has discovered that the virus turns infected PCs into Windows Update servers which may then fool uninfected PCs into downloading and installing Flame.

The multi-phase attack begins with an infected Windows PC laced with illegitimate security certificates -- certs which appear to be digitally signed by Microsoft. Patient zero then advertises itself across the network as a proxy server, funneling Internet traffic through itself and cementing its man-in-the-middle role. Other Windows computers discover the infected computer and begin automatically using it as a proxy. When those unsuspecting PCs begin to download and install their regularly scheduled Windows Updates, the false proxy server substitutes requests for legitimate updates with its own versions -- packaged installers for Flame.

To spread across a network, Flame relies on "automatically detect [proxy] settings" being active, an option found under Control Panel > Internet Options > Connections. Unfortunately, this option is enabled automatically on most default Windows installs unless explicitly disabled by the user or through group policies.

Although clever and obviously dangerous, there's little need for panic just yet. Flame continues to be isolated in the Middle East and purposefully so, experts believe. The virus also further narrows its scope by targeting government networks, meaning everyday Internet citizens should be safe, at least for the moment.

It is unlikely that you are the target of Flamer unless you are an official in a Middle Eastern government or working on weapons research for such a government. Flamer is not "out there" on the Internet right now, spreading from country to country. You are not likely to find Flamer attached to an email in your Outlook Inbox (USB flash drives seem to be Flamer's infection vector of choice).
And if you are using a good antivirus product it is now protecting you from Flamer. The major AV products were quickly updated to detect Flamer and the better ones will now have generic detection of malware that has "Flamer-like" characteristics.

Even though Flame may itself remain in isolation due to apparent political motivations, don't be surprised if other virus writers try to capitalize on the ingenuity displayed by Flame's numerous modules.

Fooling Windows Update on a PC is no trivial matter but Flame's designers managed to do something that no other malware creator has been known to do thus far -- make an illegitimate certificate which Windows wholeheartedly believes is signed by Microsoft. This has long been the holy grail of malware writers, according to F-Secure, and it brings with it some potentially scary consequences. This ability of Flame is key to its seamless subversion of Windows Update.
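
The "automatically detect settings" option mentioned above can be audited per user. The following is an added example, not code from the article or from any vendor: it decodes the proxy flags that Windows stores in the `DefaultConnectionSettings` registry value. The flag bits are the `PROXY_TYPE_*` constants from `wininet.h`; the registry value layout (flags DWORD at byte offset 8) is an assumption based on the commonly observed, undocumented format, and the sample blobs are constructed.

```python
import struct

# Flag bits as defined for INTERNET_PER_CONN_FLAGS in wininet.h.
PROXY_TYPE_DIRECT = 0x01
PROXY_TYPE_PROXY = 0x02
PROXY_TYPE_AUTO_PROXY_URL = 0x04
PROXY_TYPE_AUTO_DETECT = 0x08  # "Automatically detect settings" (WPAD)

KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
VALUE = "DefaultConnectionSettings"
FLAGS_OFFSET = 8  # assumption: widely observed, undocumented blob layout


def decode_flags(blob: bytes) -> dict:
    """Decode the proxy flag DWORD from a DefaultConnectionSettings blob."""
    if len(blob) < FLAGS_OFFSET + 4:
        raise ValueError("blob too short to contain the flags field")
    (flags,) = struct.unpack_from("<I", blob, FLAGS_OFFSET)
    return {
        "manual_proxy": bool(flags & PROXY_TYPE_PROXY),
        "auto_config_url": bool(flags & PROXY_TYPE_AUTO_PROXY_URL),
        "auto_detect": bool(flags & PROXY_TYPE_AUTO_DETECT),
    }


def read_current_user_blob() -> bytes:
    """Read the live value for the current user (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
        data, _type = winreg.QueryValueEx(key, VALUE)
    return data


def make_sample(flags: int) -> bytes:
    """Constructed sample blob: header, counter, flags, three empty strings."""
    return struct.pack("<III", 0x46, 1, flags) + struct.pack("<III", 0, 0, 0)


if __name__ == "__main__":
    try:
        state = decode_flags(read_current_user_blob())
    except (ImportError, OSError):
        # Not on Windows, or value absent: use the constructed default-install sample.
        state = decode_flags(make_sample(PROXY_TYPE_DIRECT | PROXY_TYPE_AUTO_DETECT))
    print("auto-detect (WPAD) enabled:", state["auto_detect"])
```

A result of `auto_detect: True` on machines that do not need proxy auto-discovery is the condition the article describes; disabling it through group policy removes that dependency.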