Jump to content

PC Help Forum Free Tech Help and Support

PC Help Forum Free Tech Help and Support

Existing user? Sign In
Sign In

Email Address

Password

Remember me
Not recommended on shared computers

Forgot your password?
Sign Up

The Flame Malware Program uses Microsoft’s Security Certificates

Posted June 5, 201212 yr

FPCH Admin

Posted on FLAME[/b]

According to

“Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012that attacks computers running the Microsoft Windows operating system. The program is being used for targeted cyber espionage in Middle Eastern countries…. The last of these stated in its report that “sKyWIper is certainly the most sophisticated malware we encountered during our practice arguably, it is the most complex malware ever found.””

The malware creators used the Microsoft Terminal Server Licensing Service certificate, which uses the MD5 hashing algorithm. They produced a counterfeit certificate to sign some components of the malware to make them appear to have originated from Microsoft.

[url=http://www.everything-microsoft.com/2012/06/05/flame-malware-program-microsofts-security-certificates/flame/" rel="attachment wp-att-94508">http://cdn10.everything-microsoft.com/wp-content/uploads/2012/06/Flame.jpg?9d7bd4

The Microsoft Impact

Microsoft discovered some techniques used by this malware that can operate by less sophisticated attackers to launch attacks that are more widespread. But they also contend that most Windows users will not be affected, because the targets of this attack were very specific, the Middle East.

[url=http://www.everything-microsoft.com/2012/06/05/flame-malware-program-microsofts-security-certificates/flame-malware-map/" rel="attachment wp-att-94511">http://cdn6.everything-microsoft.com/wp-content/uploads/2012/06/Flame-Malware-Map-400x296.jpg?9d7bd4

Nevertheless, Microsoft has released a [url=http://support.microsoft.com/kb/2718704">Windows Update patch in which users should install. At their site, Microsoft has 15 versions of the update covering multiple versions of Windows from XP to x64-based versions of Windows Embedded Standard 7.

In the meantime, Microsoft has removed the certificates that could be used in spoofing, at least cleaning that up at their level. They found is that certificates issued by the Terminal Services licensing certification authority, which is intended to only be used for license server verification, could also be used to sign code as Microsoft.

So Microsoft will discontinue issuing certificates that could be used to sign code via the Terminal Services activation process.

[url=http://www.everything-microsoft.com/2012/06/05/flame-malware-program-microsofts-security-certificates/">The Flame Malware Program uses Microsoft’s Security Certificates was posted on [url=http://www.everything-microsoft.com">Everything Microsoft - Latest Microsoft News, Guides, Reviews & Themes. If you are not reading this content in an email newsletter, it is being used without permission.

View the full article

Another Forum - Unlike the Rest

Quote

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

https://freepchelp.forum/topic/2935-the-flame-malware-program-uses-microsoft%E2%80%99s-security-certificates/

Go to topic listing