Microsoft has issued an emergency security patch (Flame malware)
June 4, 2012 — bluecollarpc
Microsoft has issued an emergency security patch (Flame malware) (FIX LINK!)
DOWNLOAD FIX: (OR at RUN Windows Updates)
Microsoft Knowledge Base Article 2718704
http://support.microsoft.com/kb/2718704
Fw: US-CERT Current Activity – Unauthorized Microsoft Digital Certificates
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1777
This document can also be found at
http://www.us-cert.gov/current/#microsoft_unauthorized_digital_certificates
INFECTED?
Flamer removal tool from Bitdefender
Help Net Security
“It goes places where other spyware doesn’t go, retrieves information others don’t retrieve, and ensures the infected computer has no privacy whatsoever,” said Catalin Cosoi, Bitdefender’s Chief Security Researcher. “Luckily, the Bitdefender removal tool …
http://www.net-security.org/malware_news.php?id=2128
——–
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2718704
Published: Sunday, June 03, 2012
Version: 1.0
Affected Software and Devices
This advisory discusses the following affected software and devices.
Operating System
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Affected Devices
Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5
———-
WARNING!
Flame malware hijacks Windows Update to spread from PC to PC
Ars Technica
The Flame espionage malware targeting Iranian computers contains code that can completely hijack the Windows update mechanism that Microsoft uses to distribute security patches to hundreds of millions of its users, security researchers said Monday….
http://arstechnica.com/security/2012/06/flame-malware-hijacks-windows-update-to-propogate/
Homeland Security warns businesses about new cyber weapon
Examiner.com
Webroot said they first encountered a sample of Flame malware in December 2007. Researchers believe Duqu may have been created in August 2007. The first variant of Stuxnet did not appear on computers until June 2009. Cyber security experts at Kaspersky …
http://www.examiner.com/article/homeland-security-warns-businesses-about-new-cyber-weapon
=========
Cover Story: Cyber spy program Flame compromises Microsoft security system
http://news.yahoo.com/cyber-spy-program-flame-compromises-key-microsoft-security-170651458–abc-news-topstories.html
Microsoft certification authority signing certificates added to the Untrusted
Certificate Store
3 Jun 2012 5:55 PM
IN FULL:
http://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
“Today, we released Security Advisory 2718704, notifying customers that
unauthorized digital certificates have been found that chain up to a Microsoft
sub-certification authority issued under the Microsoft Root Authority. With this
blog post, we’d like to dig into more technical aspects of this situation,
potential risks to your enterprise, and actions you can take to protect yourself
against any potential attacks that would leverage unauthorized certificates
signed by Microsoft.
We’d also like to share how this issue relates to a complex piece of targeted
malware known as “Flame”. As many reports assert, Flame has been used in highly
sophisticated and targeted attacks and, as a result, the vast majority of
customers are not at risk. Additionally, most antivirus products will detect
and remove this malware. That said, our investigation has discovered some
techniques used by this malware that could also be leveraged by less
sophisticated attackers to launch more widespread attacks. Therefore, to help
protect both targeted customers and those that may be at risk in the future, we
are sharing our discoveries and taking steps to mitigate the risk to
customers…..”
RELATED LINK
Security Advisory 2718704
http://technet.microsoft.com/en-us/security/advisory/2718704
=========
Microsoft certificate used to sign Flame malware, issues warning
ZDNet (blog)
By Zack Whittaker | June 4, 2012, 6:04am PDT
Summary: Microsoft has issued a security advisory warning and a high-priority update after parts of the Flame malware were signed with Microsoft-issued certificates. Microsoft has issued an emergency …
http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980
=========
OLDER
Term of the Day: Flame Virus
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/1743
Flame Malware: All You Need to Know
Network World
Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a …
http://www.networkworld.com/news/2012/053012-flame-malware-all-you-need-259713.html?hpg1=bn
FAQ: Flame, the “super spy”
The H
by Jürgen Schmidt The spyware worm Flame is being billed as a “deadly cyber weapon”, but a calmer analysis reveals it to be a tool by professionals for professionals that doesn’t actually have that many new features compared to, say, the widespread …
http://www.h-online.com/security/features/FAQ-Flame-the-super-spy-1587063.html
Flame: Trying to Unravel the Mystery of ‘Sophisticated’ Spying Malware
PBS
Reportedly capable of taking computer screenshots, logging keystrokes and even listening in on office conversations, malware known as “Flame” is grabbing international attention after appearances in Iran and elsewhere in the Middle East….
http://www.pbs.org/newshour/bb/science/jan-june12/theflame_05-30.html
New malware Flame said to be “the most complex threat ever discovered”
allvoices
By arkar
If reports are to be believed, a malware identified as Flame has, for the past two years, been collecting private data from such countries as Iran and Israel and is being described as “one of the most complex threats ever discovered…..
http://www.allvoices.com/contributed-news/12267165-new-malware-flame-detected-said-to-be-the-most-complex-threat-ever-discovered
Flame ‘first Windows-based malware ever observed to use Bluetooth’
CSO (blog)
Despite all the hype I’ve complained about these last few days regarding Flame, there is some interesting research from the vendor community worth noting here, including the malware’s affinity for Bluetooth. Symantec sent me the details in an email …
http://blogs.csoonline.com/malwarecybercrime/2203/flame-first-windows-based-malware-ever-observed-use-bluetooth
Don’t Get Burned By ‘Flame’ Malware Attack
PCWorld
Weighing in at 20 megabytes, and somewhere around 750000 lines of code, Flame is much closer to a commercial application like Microsoft Word, or Intuit’s Quicken than it is to the vast majority of malware attacks out there. The question is should you …
http://www.pcworld.com/article/256499/dont_get_burned_by_flame_malware_attack.html
UPDATE EDIT…..
Flame malware made to self-destruct after discovery —Symantec
GMA News
Shortly after it was discovered and made public, the “Flame” (or “Flamer”) malware, which security vendors have described as a potent super cyber-weapon, received a command from its creator to self-destruct. According to security vendor Symantec, …
http://www.gmanetwork.com/news/story/261076/scitech/technology/flame-malware-made-to-self-destruct-after-discovery-mdash-symantec
Flame authors order infected computers to remove all traces of the malware
Computerworld
By Lucian Constantin IDG News Service – The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis …
http://www.computerworld.com/s/article/9227876/Flame_authors_order_infected_computers_to_remove_all_traces_of_the_malware
Flame gets suicide command
Register
By Richard Chirgwin
The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent …
http://www.theregister.co.uk/2012/06/07/flame_suicide_command/