
Experts show how 'Flame' malware fakes Windows

Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft's Windows Update mechanism.

Their findings answer a key question: How could Flame infect fully patched Windows 7 machines?

They learned that hackers had located and exploited a flaw in Microsoft's Terminal Services licensing certificate authority that allowed them to generate code-validating certificates "signed" by Microsoft.

Armed with fake certificates, attackers could fool a Windows 7 PC into accepting a malicious file as a Microsoft update.

But Flame doesn't really compromise Windows Update. And it doesn't infiltrate the service to feed malicious files to unsuspecting users. Instead, a rogue configuration file modifies a machine's settings to route all traffic through the Flame-infected system, creating a complex mechanism for spreading the malware.

"This is one of the most interesting and complex malicious programs we have ever seen," wrote Alexander Gostev, leader of the research and analysis team at Moscow-based Kaspersky Lab, in a blog entry.

Microsoft has taken steps to stop the spoofing of Windows Update.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
