Tuesday, June 19, 2012

Flame virus can hijack PCs by spoofing Windows Update

Via Survival

Cyberwarfare

Using rogue security certificates, the virus is able to exploit Microsoft's Windows Update service to infect unsuspecting computers.

The infamous Flame virus can infect even secure PCs by tricking them into believing its malicious payload is actually an update from Microsoft.

As we already know, Flame has gained traction by tapping into security certificates for Microsoft's Terminal Server. Though they appear to be digitally signed by Microsoft, the certificates are actually cooked up by the people behind Flame, thereby tricking PCs into accepting them as legitimate.

Microsoft and Symantec revealed yesterday that the virus can up the ante by using the fake certificates to spoof Microsoft's own Windows Update service. As such, Windows PCs could receive an update that claims to be from Microsoft but is in fact a launcher for the malware.

Symantec described the method behind Flame's madness: The virus, also known as Flamer, uses three applications to infect PCs -- Snack, Munch, and Gadget. Collectively, this trio can trick PCs into redirecting Internet traffic to an infected computer with a fake Web server,. Once infected, a PC thinks the file that loads Flame is actually a Windows Update from Microsoft.

And as Symantec explained in its blog, spoofing Windows Update is not a trivial matter.

More @ Cyberwarzone


No comments:

Post a Comment