We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,785 News Articles

Experts show how 'Flame' malware fakes Windows

Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft's Windows Update mechanism.

Their findings answer a key question: How could Flame infect fully patched Windows 7 machines?

They learned that hackers had located and exploited a flaw in Microsoft's Terminal Services licensing certificate authority that allowed them to generate code-validating certificates "signed" by Microsoft.

Armed with fake certificates, attackers could fool a Windows 7 PC into accepting a malicious file as a Microsoft update.

But Flame doesn't really compromise Windows Update. And it doesn't infiltrate the service to feed malicious files to unsuspecting users. Instead, a rogue configuration file modifies a machine's settings to route all traffic through the Flame-infected system, creating a complex mechanism for spreading the malware.

"This is one of the most interesting and complex malicious programs we have ever seen," wrote Alexander Gostev, leader of the research and analysis team at Moscow-based Kaspersky Lab, in a blog entry.

Microsoft has taken steps to stop the spoofing of Windows Update.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Read more about security in Computerworld's Security Topic Center.


IDG UK Sites

3 of the best portable chargers: a solar power charger, a hand-cranked charger, and how to charge...

IDG UK Sites

iOS 8 review: Hands on with the iOS 8 beta

IDG UK Sites

Thinking robots: The philosophy of artificial intelligence and evolving technology

IDG UK Sites

Sharknado 2 VFX: how The Asylum created CG flying man-eating sharks