
Fighting copycat variants of a piece of escaped government malware is no easy task

In the Middle East, information technology experts are grappling with a very persistent piece of malware dubbed Flame.  Flame appears to be slightly older than the much-discussed Stuxnet worm.  Stuxnet is the researcher-assigned name for an escaped variant of "The Bug", a series of worms used in an elaborate U.S. and Israeli cyber-sabotage program code-named "Olympic Games".  That effort was aimed, successfully, at destroying Iranian nuclear fuel enrichment centrifuges without bloodshed.

I. Flame Forces Patch

Likewise, Flame is suspected to have been written by the U.S. to target Iranian nuclear efforts, or possibly Al Qaeda.  Its goal, however, appears to have been reconnaissance (quietly collecting data from infected machines) rather than sabotage.

Regardless of its purpose, Flame is less subtle than "The Bug" variants, and, while confined largely to the Middle East, it has been a top cleanup priority for Microsoft Corp. (MSFT).

Rooting out the Flame worm is a top priority for Microsoft. [Image Source: Krishnan Vasuvedan]

On its TechNet Microsoft Security Response Center (MSRC) blog, Microsoft laid out its plans to slay Flame and harden its Windows Update (WU) process in a pair of posts.

Microsoft reports that Flame spread using a code-signing certificate that chained up to Microsoft's own root through the Terminal Server Licensing Service, an older certificate-issuing process whose certificates were never meant to sign code.  The weakness was cryptographic: that chain still used MD5 signatures, and an MD5 collision attack was needed to make the forged certificate usable on Windows Vista and later.  The result was that Flame components could pose as software signed by Microsoft and install without warning the user.

Flame has narrowly targeted the Middle East, particularly Iran. [Image Source: Kaspersky Lab]

In its blog, Microsoft warns, "As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk.... That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks."

The blog goes on to reveal the company's current fix to the problem, outlining:

• First, today we released a Security Advisory outlining steps our customers can take to block software signed by these unauthorized certificates.

• Second, we released an update that automatically takes this step for our customers.

• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.

II. Malicious Updates are a Harder Fix

But Flame exposed deeper underlying security issues for Windows: Microsoft feared that copycats could tamper with the Windows Update process itself to prevent their own removal.  Some malware authors have already been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reaching affected machines.  And, as Microsoft notes in its blog post, sophisticated attackers could go further and leverage Windows Update to deliver malware masquerading as signed Microsoft updates.

Malware writers could potentially disguise their malfeasant wares as Windows Updates.
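The checks a Windows administrator would want after reading the two sections above, as an added example rather than anything from Microsoft's posts: whether the advisory's distrust of the licensing certificates has actually taken effect on a host, whether a signed file's chain still leans on MD5, and whether Windows Update itself has been tampered with in the ways just described (service disabled, policy override, hosts-file redirection, a Winsock LSP living outside the system directory). The two certificate subject names are the ones I recall from KB2718704 and the sample file path is just an illustrative system binary; both are assumptions to confirm, not facts taken from this page.

```powershell
# Added example, not code from the Microsoft posts the article cites.
# One-host posture check after Security Advisory 2718704; run from an elevated
# PowerShell 3.0+ session. The two subject names are the licensing CA names the
# advisory moved to the Untrusted store as I recall them: treat that as an
# assumption and confirm them against KB2718704 before relying on this.
$FlameSubjects = @(
    'CN=Microsoft Enforced Licensing Intermediate PCA',
    'CN=Microsoft Enforced Licensing Registration Authority CA (SHA1)'
)

function Test-FlameCertsDistrusted {
    # Cert:\LocalMachine\Disallowed is the "Untrusted Certificates" store that the
    # advisory's update populates; CryptoAPI fails any chain passing through it.
    $disallowed = Get-ChildItem Cert:\LocalMachine\Disallowed
    $missing = @(foreach ($s in $FlameSubjects) {
        if (-not ($disallowed | Where-Object { $_.Subject -like "$s*" })) { $s }
    })
    # A copy in Root or CA does not override Disallowed, but it is still a red flag.
    $stray = @(Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
        Where-Object { $c = $_; $FlameSubjects | Where-Object { $c.Subject -like "$_*" } })
    [pscustomobject]@{ MissingFromUntrusted = $missing; StrayTrustedCopies = @($stray.Subject) }
}

function Test-SignatureChain {
    param([Parameter(Mandatory)][string]$Path)
    # A "Valid" Authenticode status is only half the story: walk the chain that
    # produced it and flag any non-root certificate signed with MD5, the hash whose
    # collision weakness was abused to forge Flame's code-signing certificate.
    # (The root's self-signature is skipped; its trust comes from the store, not the hash.)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $weak = @()
    if ($sig.SignerCertificate) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $null  = $chain.Build($sig.SignerCertificate)   # outcome already reflected in $sig.Status
        $els   = @($chain.ChainElements)
        $nonRoot = if ($els.Count -gt 1) { $els[0..($els.Count - 2)] } else { @() }
        $weak = @($nonRoot |
            Where-Object { $_.Certificate.SignatureAlgorithm.FriendlyName -match '^md[245]' } |
            ForEach-Object { $_.Certificate.Subject })
    }
    [pscustomobject]@{
        Path = $Path; Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject; WeakHashInChain = $weak
    }
}

function Test-WindowsUpdateIntegrity {
    # The tampering described above: service stopped or disabled, policy switching
    # auto-update off, a WUServer override steering the client to a rogue WSUS host,
    # hosts-file redirection of the update domains, and Winsock LSPs outside %SystemRoot%.
    $svc   = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
    $au    = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $wu    = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'    -ErrorAction SilentlyContinue
    $hosts = @(Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
        Where-Object { $_ -notmatch '^\s*#' -and $_ -match 'windowsupdate|update\.microsoft\.com|download\.microsoft\.com' })
    $lsps  = @(netsh winsock show catalog | ForEach-Object {
        if ($_ -match 'Provider Path:\s*(\S.*)$') { $Matches[1].Trim() }
    } | Where-Object { $_ -notlike "$env:SystemRoot\*" -and $_ -notlike '%SystemRoot%\*' })
    [pscustomobject]@{
        Service        = "$($svc.State) / $($svc.StartMode)"   # a Disabled start mode is the tell
        AutoUpdateOff  = ($au.NoAutoUpdate -eq 1)
        WsusOverride   = $wu.WUServer                           # $null unless policy (or an attacker) set one
        HostsRedirects = $hosts
        ForeignLsps    = $lsps
    }
}

# Sample run; the file path is only an illustrative system binary.
Test-FlameCertsDistrusted   | Format-List
Test-WindowsUpdateIntegrity | Format-List
Test-SignatureChain -Path "$env:SystemRoot\System32\wuauclt.exe" | Format-List
```

On a healthy host MissingFromUntrusted and StrayTrustedCopies come back empty, AutoUpdateOff is False, WsusOverride is empty unless your domain legitimately publishes a WSUS server, HostsRedirects is empty, and every Winsock provider path sits under %SystemRoot%. The chain check is the part worth keeping around after the Flame cleanup: the advisory blocks these particular certificates, but only an explicit test of the signature algorithms in the chain tells you whether a file's "valid" signature rests on a hash that can be collided.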

The company writes that it plans on "hardening" WU, commenting:

To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.

In other words, while sophisticated state-written malware like Flame and Stuxnet may have created headaches, both diplomatically and technologically, they served as a "full disclosure" warning of sorts to Microsoft.  These attacks have given it the knowledge and motivation to patch gaping holes that might otherwise have gone unnoticed and been quietly exploited for some time -- or at least that's the glass-half-full way of looking at the situation.

Sources: Microsoft [1], [2]


By kleinma on 6/6/2012 4:49:20 PM , Rating: 2
I fix a lot of virus-laden computers, and I constantly see Windows Update turned off, disabled, or sometimes totally removed from the system. Granted, the complete removal tends to be on XP machines and I haven't seen that on Win7, but I have seen simple fake-AV-style viruses on machines that have disabled Norton, McAfee, or Microsoft Security Essentials, and disabled Windows Update and disabled the Security Center so you won't get popup notifications that things are not on anymore. Or sometimes it is as simple as installing an LSP or a filter driver on the network connection, so you can stop or redirect specific DNS resolutions, like Windows Update servers.

Whatever they can do to harden this up is good. WU needs a dose of Viagra!

RE: malware
By Alexvrb on 6/6/2012 7:54:03 PM , Rating: 2
The biggest security flaw is the user. They just click the buttons that "make it go" when they are trying to do something. Box pops up? Hit the continue, yes, allow, enable, OK, or GO GO GADGET buttons! I have even known a few that disabled windows update themselves for various idiotic reasons.

One had it disabled because they "had problems" and some kid "fixed it" by disabling WU (I later found out said kid was a Mac user anyway, and he had just "heard that Windows Update caused problems"). But then they still have problems later and I have to clean it up.

Stuff like that makes me understand why closed ecosystems like iPhone do so well. They're virtually idiot proof. Even stock Android by default herds users away from doing anything too risky, nice mostly-safe app store, etc.

RE: malware
By Ammohunt on 6/6/2012 10:21:07 PM , Rating: 1
Anything more complex than a toaster spells trouble.

RE: malware
By spamreader1 on 6/7/2012 9:43:10 AM , Rating: 2
Some toasters catch on fire sometimes with these users too I suspect.

RE: malware
By B3an on 6/6/2012 11:09:33 PM , Rating: 2
And yet so many people don't understand what MS are doing with Win 8 and its app store. It needs to be done.

RE: malware
By Argon18 on 6/7/2012 10:35:44 AM , Rating: 2
A closed application ecosystem like iPhone does work brilliantly. But you can't do that on a desktop. If Apple did that on OSX, or if Microsoft did that on Windows, it would cease to be a desktop. It would become an appliance at that point. Like a tablet with a keyboard and mouse.

Although perhaps that might actually be a good thing, for the go-go-gadget-buttons crowd at least.

By Motoman on 6/6/2012 3:03:44 PM , Rating: 5
So...flame off?

RE: :(
By Ramstark on 6/7/2012 12:17:05 PM , Rating: 2
+6 Made my day this one...xD

The Adams effect...
By BigEdMan on 6/8/2012 8:48:52 PM , Rating: 2
Disabling Windows Update, using iOS or Android?
No, I'm with Douglas Adams on this one.
I think the real problem here was just coming out of the oceans to begin with.
I may even go one step further than Mr. Adams and suggest that our distant ancestors coalescing into intelligent life form may have been the real root cause of these security issues.

School for Jason Mick ?
By mandoman on 6/6/12, Rating: -1
RE: School for Jason Mick ?
By Nyu on 6/6/2012 4:08:59 PM , Rating: 5
You could use a grammar book yourself as well.

RE: School for Jason Mick ?
By kleinma on 6/6/2012 4:44:31 PM , Rating: 2
He is totally right. MS Word at least will give you a hint.
In other news, I can has cheeseburger.

RE: School for Jason Mick ?
By Master Kenobi on 6/6/2012 5:05:55 PM , Rating: 1
Not that I'm defending the practice by any means, but have you picked up a copy of The New York Times or The Wall Street Journal lately? They have just as many spelling and grammatical errors as most blogs. The days of rigid enforcement over such mundane things has long since passed.

RE: School for Jason Mick ?
By ZmaxDP on 6/6/2012 5:31:08 PM , Rating: 5

Don't get me wrong, I think people can be too picky about some rules - writers should have the freedom to violate some "standards" like starting a sentence with "And..." or inserting hyphens or other symbols to help convey complex meaning in non-standard ways. However, there is a significant difference between bending the rules on purpose and making simple mistakes that can change the meaning being conveyed. Those "mundane" things are there for a reason - so other people can understand what you're writing.

I find it extremely disappointing that this site seems to care so little. You apparently don't think it is very important; and Jason certainly doesn't judging by his writing. Perhaps DT should focus on doing video-blogs since you won't have to actually worry about spelling. The grammatical mistakes can be ameliorated by the tone and rhythm of your speech. Of course, someone will probably get lazy with that at some point and start pronouncing words wrong. When people complain, you can always say how "mundane" the rules of pronunciation are...

How about trying to shoot for higher standards instead of accepting the tyranny of the lowest common denominator? I am no writer - nor do I claim to be - but I at least try. This is part of your job, try and do it well.

RE: School for Jason Mick ?
By muy on 6/7/2012 9:20:09 AM , Rating: 2
So people should write in their mother tongue and then expect the reader to use Babelfish or something like it? I would like it a little bit more if the people who were born by luck (or should I say accident?) in an Anglo-Saxon-speaking country would show some tolerance towards the people that don't have English as their mother tongue. Makes me almost want Chinese to become the international language and reduce 99.5% of US citizens to an internationally near-illiterate state (just to make them see the stupidity of their arrogance). Attacks on people's language skills are something I only see on English forums, never (well, at least not that I have seen) on German, Dutch or French forums.

RE: School for Jason Mick ?
By semiconshawn on 6/6/2012 6:07:23 PM , Rating: 2
have you picked up a copy of The New York Times or The Wall Street Journal lately?

No and fewer and fewer people do. I'll give a BIG reason why in one word. Quality. I think then I will just quote you.

The days of rigid enforcement over such mundane things has long since passed.

RE: School for Jason Mick ?
By twhittet on 6/6/2012 6:12:29 PM , Rating: 2
over such mundane things

So - obviously not important to you. I think it's a trust thing. Can I trust a reporter/blogger on what they are saying if they can't even spell it correctly? How much time and effort was involved in fact-checking if no time or effort was involved in spell-checking?

I usually don't care and glide over simple mistakes - but it is a good question I'm not sure if I've seen answered:
Is there such a thing as an editor here? Someone who proofreads an article before it is "published"?

RE: School for Jason Mick ?
By TakinYourPoints on 6/7/2012 2:02:02 AM , Rating: 2
We've long inferred that editorial content and integrity isn't a real priority here, but at least we now have written confirmation that you guys don't care about the technical quality of writing either. Thanks

RE: School for Jason Mick ?
By semiconshawn on 6/7/2012 2:25:06 PM , Rating: 2

RE: School for Jason Mick ?
By YashBudini on 6/8/2012 10:32:25 AM , Rating: 2
but have you picked up a copy of The New York Times or The Wall Street Journal lately?

It's a shame you overlooked college text books, as they are in the same league.

But what these sources don't understand is they set the bar, the tone, the standard. Where else to learn the proper way, by running to an English teacher for every post?

The days of rigid enforcement over such mundane things has long since passed.

You don't even realize it, but you're contributing to the dumbing down of America.

RE: School for Jason Mick ?
By MechanicalTechie on 6/6/2012 7:25:27 PM , Rating: 1
Ohh just grow a pair would ya.. as if it's such a big problem

Stop whinging you little baitch!!

RE: School for Jason Mick ?
By Chapbass on 6/6/12, Rating: -1
RE: School for Jason Mick ?
By MechanicalTechie on 6/6/2012 8:46:36 PM , Rating: 2
Definition for whinging -

(whinge) A cry; A complaint; To complain, especially in an annoying or persistent manner

Obviously your vocabulary is lacking!!

RE: School for Jason Mick ?
By JKflipflop98 on 6/7/2012 1:10:14 AM , Rating: 2
It's apparently a very popular term in Australia.

RE: School for Jason Mick ?
By croc on 6/7/2012 9:07:24 AM , Rating: 2
It is actually a very correct ENGLISH bit of slang that correlates closely with the Amlish (TM) (Marca Registrata) slang term 'whine'. As many Indians (From India, that is...) also use the English language, you poor Yanks are a wee bit outnumbered... So get over it, and quit your whinging.

Glad to see that you are still around, BTW.

RE: School for Jason Mick ?
By Smilin on 6/7/2012 9:46:46 AM , Rating: 1