Flame - The Malware That Pwned The Internet

DfgDfg Admin
edited June 2012 in Tech & Games
It was discovered recently, in the past months; it dates back to 2007 and in some cases its activity peaked during 2010, but in 2012 researchers were shocked to discover a malware that was completely different from others. From the start it was hard to spot, it was controlled using C&C servers placed all over the world, it can successfully take down even patched systems, every Windows user was at risk and it's unknown if it targeted other platforms. But it was quite a show, the Tech/Security websites are full of articles, each week I discover something new. Like yesterday it had a feature that can kill all the active agents and completely self-destruct. But that's not all, it can log, capture and completely control your system.

The things that made it so awesome were the Microsoft Certificate and Windows Update. Yes, it basically came packed as a signed executable using Microsoft Certificates! Imagine that.

Now, I can talk about it all day long but I don't really have much time, I will just direct you to various articles so you can discover things on your own.

http://arstechnica.com/security/2012/06/flames-god-mode-cheat-code-wielded-to-hijack-windows-7-server-2008/
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/
http://www.cio.com.au/article/427005/flame_authors_order_infected_computers_remove_all_traces_malware/
http://www.wired.com/threatlevel/2012/06/internet-security-fail/
http://www.scmagazineuk.com/failure-to-detect-flame-marks-the-end-of-signature-based-anti-virus/article/243505/


It should be noted that Flame was spotted in the Middle East, mostly Iran. Its main objectives included tracking down the systems and taking control over them. This looks like an agency job because Flame was well funded.

I did run a Traffic Inspection using Wireshark but Flame can stay in your system and be hidden from everyone. So, even if you're infected you don't know where to look.
