bill-swift - June 7, 2012
Intercepted just late last month, the Flame malware has wreaked so much havoc that it's being dubbed as the "world's largest cyber-attack" ever discovered. It packs a triple threat, as the malware has been found to have components of a worm, a backdoor, and a Trojan.
Further analyses of Flame's attack code revealed that it was making use of rogue security certificates that make it appear as if Microsoft had officially signed off on them. In light of this discovery, Microsoft was swiftly issued a security advisory regarding spoofing and released updates that revoke trust in the certificates to prevent attacks that relied on the unauthorized certificates.
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.
-- Microsoft Security Response Center blog
In the advisory, Microsoft provides steps that IT administrators can take to block software signed by the rogue certificates, which prevents Flame from spreading as a result. Windows users who have enabled Automatic Updates will have the newly-released KB2718704 patch that addresses this issue automatically installed. Those who don't can manually get the patch by running Windows Update on their PCs manually.
Previously, security experts have even gone on to claim that its very existence had already managed to redefine the notion of cyberwar and cyberespionage. Most infections were reported by users located in Iran and other Middle Eastern countries like Israel, Sudan, Syria, and Egypt.
A handful of machines in North America have already been infected by Flame, so download all the latest updates for your computer and install an anti-virus program to protect your machine, if you haven't already.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.