
Flame Malware Spreading Itself Via Bogus Windows Updates

The program creates bogus certificates that allow it to fool Windows into thinking that certain components of Flame are from Microsoft

Flame, a massive malware package targeting computers in the Middle East, is spreading itself using bogus Windows updates.

The sophisticated malware that is being used by an unidentified creator to steal information from Iran and its neighbors is creating bogus certificates that allow it to fool Windows into thinking that certain components of Flame are Microsoft products.

After discovering the certificate problem, Microsoft acted quickly to address it. On Sunday, it issued a security advisory and a patch revoking the compromised certificates.

One of the ways Flame uses the certificates to spread itself is through false Windows updates, according to Alex Gostev, chief malware expert at Kaspersky Lab.

Gostev said when a machine runs Windows Update, a Flame component called "Gadget" redirects the update client to another infected machine on the network. That machine sends a malicious update to the first computer. The malicious update, security researchers noted, "uses the fake Microsoft certificate, which allows the bogus Windows Update to run in the victim’s machine without any warnings."

Since the world became aware of Flame, security software companies have issued updates to their anti-malware programs to neutralize the program. However, Gostev warned that Flame may still have some tricks embedded in its code.

"[T]here might still be an undiscovered zero-day vulnerability being used to initially infect computers with Flame," he cautioned. "It’s important to note that the initial Flame infection could still be happening through zero-day vulnerabilities."

A zero-day vulnerability is one that is unknown to a software vendor and the security community until it's discovered in malware operating "in the wild."

In a blog posting, Microsoft acknowledged that because Flame is being used in sophisticated, targeted attacks, the vast majority of its customers aren't at risk from the malware. However, it advised that this is no reason to dawdle about installing the certificate patch. Some techniques used by Flame could also be leveraged by less sophisticated attackers to launch more widespread attacks on computers outside the malware's target area, it warned.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

