Flame and other dangerous stuff

Post by impar » Wed May 30, 2012 10:16 pm

Greetings!

Spy malware infecting Iranian networks is engineering marvel to behold
Researchers are still wrapping their brains around the mind-blowing "Flame."
...
The malware, dubbed "Flame" after one of the dozens of modules available for it, immediately evoked memories of Stuxnet, another piece of advanced malware that disabled uranium centrifuges in Iranian nuclear plants. As sophisticated as Stuxnet and a related piece of espionage software known as Duqu are, the latest piece of malware is probably orders of magnitude more sophisticated. When fully installed, its size is a whopping 20MB, and it also uses SQLite databases and dynamically generated code that uses the Lua programming language. Such characteristics suggest the malware, which Kaspersky estimates has been found on about 1,000 computer systems so far, could only have been written by a large team of highly skilled software engineers.

"The really interesting thing here is it seems to be another politically motivated, covert operation," Symantec researcher Liam O Murchu told Ars. "We don't normally see the highest infections in Iran, but we do in this case. Based on that, we're looking at another politically motivated attack, at stealing information, possibly written by a government or government agency."
...


+
http://www.securelist.com/en/blog?weblogid=208193522
7HPx64 - P55 - i5 750 - 8GB - HD5850 - 120GB - 2TB - 22" - 650W

War Continues On, Why Can't We See The Truth, We Are All One
impar
Moderator
Posts: 25209
Joined: Fri Mar 21, 2003 12:42 pm
Location: Portugal

Re: Flame

Post by Seawolf » Fri Jun 01, 2012 3:15 am

What would be really ironic is if it was actually created in Iran.
Many rooms to explore but the doors look the same.
Seawolf
Ultra nForced
Posts: 20162
Joined: Sun Jun 23, 2002 2:55 pm
Location: Still in your head.

Re: Flame

Post by TedTS » Fri Jun 01, 2012 5:04 pm

Seawolf wrote: What would be really ironic is if it was actually created in Iran.

Right, they are beta testing it :lol:
TedTS
Ultra nForced
Posts: 4949
Joined: Thu Jul 22, 2004 8:55 am

Re: Flame

Post by impar » Mon Jun 04, 2012 9:44 pm

Greetings!

"Flame" malware was signed by rogue Microsoft certificate
Emergency Windows update nukes credentials minted by Terminal Services bug.
Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.

Iran-targeting Flame malware used huge network to steal blueprints
Over 80 fake domains were registered with fake identities.
Attackers behind the Flame espionage malware that targeted computers in Iran used more than 80 different domain names to siphon computer-generated designs, PDF files, and e-mail from its victims, according to a new analysis from researchers who helped discover the threat.

Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet
A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide.

Re: Flame

Post by impar » Tue Jun 05, 2012 12:23 pm

Greetings!

Flame malware hijacks Windows Update to spread from PC to PC
It's hard to patch a machine when the update mechanism is compromised.

The Flame espionage malware targeting Iranian computers contains code that can completely hijack the Windows update mechanism that Microsoft uses to distribute security patches to hundreds of millions of its users, security researchers said Monday.


Flame malware wielded rare "collision" crypto attack against Microsoft
Such real-world exploits are almost unheard of, underscoring Flame's ingenuity.
Attackers behind espionage software that infected Iranian computers targeted hard-to-exploit weaknesses in a cryptographic algorithm, a feat that allowed them to counterfeit a Microsoft digital credential, a member of the company's security team said.

Re: Flame

Post by impar » Sat Jun 09, 2012 11:36 am

Greetings!

Flame's "god mode cheat code" wielded to hijack Windows 7, Server 2008 (Updated)
Code "better than" any zero-day exploit took complete control of systems.
The Flame malware that was likely spawned by a nation-state to spy on Iran employed a highly sophisticated cryptography attack that allowed it to pierce defenses Microsoft added to later versions of its Windows operating system, new research shows.

Flame lights its own self-destruct fuse
Amid the exposure of Flame, its authors appear to be going to ground, using what control they have of the malware to force it to self-destruct and disappear (almost) without a trace.

Microsoft contains Flame with Windows Update revamp
Following a groundbreaking cryptographic attack that hijacked the platform Microsoft uses to deliver updates to millions of large customers, the company has issued changes designed to prevent similar exploits from working again.

Re: Flame

Post by powerarmour » Tue Jun 12, 2012 9:06 am

Flame's crypto attack may have needed $200,000 worth of compute power :-

http://arstechnica.com/security/2012/06 ... ute-power/
Intel Core i7-2600K | eVGA GTX 650 SC 2GB | 8GB Corsair Vengeance DDR3-1866 | Asus P8Z77-M | Silverstone FT03
Crucial M4 256GB | Corsair Force F40 | Windows 7 x64 | Ubuntu 12.04 x64 | Corsair Hydro H50-1 | Antec TP NM 650W
powerarmour
Mod Squad
Posts: 17660
Joined: Sun Oct 13, 2002 3:10 am
Location: UK

Re: Flame

Post by impar » Tue Jun 12, 2012 12:29 pm

Greetings!

Discovery of new "zero-day" exploit links developers of Stuxnet, Flame
Windows exploit code in Flame also used in Stuxnet.
...
Security researchers say they've found a conclusive link between the Flame espionage malware and Stuxnet, the powerful cyberweapon that US and Israeli officials recently confirmed they designed to sabotage Iran's nuclear program.
...

Re: Flame

Post by impar » Wed Jun 13, 2012 11:11 am

Greetings!

Microsoft overhauls certificate management in response to Flame PKI hack
A new Windows auto-update will flag certs that are “no longer trustworthy.”

Re: Flame

Post by impar » Wed Jun 20, 2012 10:26 am

Greetings!

Confirmed: Flame created by US and Israel to slow Iranian nuke program
Flame was developed by the NSA, CIA, and Israeli military, a new report says.