Hackers Fake Microsoft Update; Spread Malware

Dennis Faas's picture

Cyber-crooks have reportedly used fake Microsoft credentials to spread the new Flame malware. In response, Microsoft has issued an 'emergency security advisory', along with a guide telling people how to protect their computer systems and networks.

The Flame virus is a bit unusual, in that it is designed to steal data rather than corrupt or take down computer systems.

Described by researchers at Kaspersky Lab as a "complete attack toolkit," the Flame virus is considered by many to be an even bigger security threat than the massive Stuxnet worm, which it closely resembles.

Flame Masquerades as Legitimate Microsoft Code

Although it was dangerous before, Flame now poses an even bigger risk. The cybercriminals behind it have successfully configured their virus to use legitimate Microsoft credentials to help it slip under network defenses.

In a recent post on the Microsoft Security Response Center blog, Microsoft stated: "We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft." (Source: pcmag.com)

Experts believe that the people behind Flame have found and exploited a new flaw in the Terminal Server Licensing Service used by many IT administrators to authorize Remote Desktop services on Windows-based networks.

Because most IT systems accept legitimate Microsoft code by default, the Flame virus -- which can now appear legit to network defenses -- is often accepted and passed through to vulnerable computer data and systems.

Microsoft Sends Emergency Security Advisory

To combat this new danger, Microsoft has now released an Emergency Security Advisory that explains in great detail exactly how IT administrators can block any of Flame's rogue security certificates from gaining unauthorized access to networks.

But for some IT administrators, this may be too little, too late. nCircle security expert Andrew Storms warns that the "discovery of a bug that's been used to circumvent Microsoft's secure code certificate hierarchy is a major breach of trust," and points out that "it's a big deal for every Microsoft user." (Source: pcworld.com)

However, Flame is a highly targeted form of malware, so the systems of most home users are not likely to be targeted by those who designed this potent virus.

Storms believes the sophisticated nature of Flame's most recent attack lends weight to the theory that the hackers behind it represent a nation-state, meaning they may have the financial backing of a powerful government.

Rate this article: 
No votes yet