
Flame Malware Spreading Itself Via Bogus Windows Updates

The program creates bogus certificates that allow it to fool Windows into thinking that certain components of Flame are from Microsoft

Flame, a massive malware package targeting computers in the Middle East, is spreading itself using bogus Windows updates.

The sophisticated malware that is being used by an unidentified creator to steal information from Iran and its neighbors is creating bogus certificates that allow it to fool Windows into thinking that certain components of Flame are Microsoft products.

After discovering the certificate problem, Microsoft acted quickly to address it. On Sunday, it issued a security advisory and a patch revoking the compromised certificates.

One of the ways Flame uses the certificates to spread itself is through false Windows updates, according to Alex Gostev, chief malware expert at Kaspersky Lab.

Gostev said when a machine runs Windows Update, a Flame component called "Gadget" redirects the update client to another infected machine on the network. That machine sends a malicious update to the first computer. The malicious update, security researchers noted, "uses the fake Microsoft certificate, which allows the bogus Windows Update to run in the victim’s machine without any warnings."

Since the world became aware of Flame, security software companies have issued updates to their anti-malware programs to neutralize the program. However, Gostev warned that Flame may still have some tricks embedded in its code.

"[T]here might still be an undiscovered zero-day vulnerability being used to initially infect computers with Flame," he cautioned. "It’s important to note that the initial Flame infection could still be happening through zero-day vulnerabilities."

A zero-day vulnerability is one that is unknown to a software vendor and the security community until it's discovered in malware operating "in the wild."

In a blog posting, Microsoft acknowledged that because Flame is being used in sophisticated, targeted attacks, the vast majority of its customers aren't at risk from the malware. However, it advised that this is no reason to dawdle about installing the certificate patch. Some techniques used by Flame could also be leveraged by less sophisticated attackers to launch more widespread attacks on computers outside the malware's target area, it warned.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

