Don’t get too close to the “flame” …
There has been a particularly nasty bit of malware roaming around the net for a while, but just surfaced within the past couple weeks. It’s in the form of malware that masquerades as a legitimate Microsoft update, but the “update” really is spyware, that can do anything while on your computer including reading your key strokes and getting personal identification information. The virus is called Flame and only effects Windows PCs and devices (including smart phones).
The way it works is that they have exploited a weakness in the certificate handling in Windows that allows a bogus security certificate to be accepted by a PC or device as if it were a legitimate certificate from Microsoft. What’s a certificate you ask? It’s a critical packet of data that is used to verify the identity and veracity of the party you’re interacting with. It is crucial in verifying that software being downloaded is legitimate or that the party you’ll about to establish a secure channel with is legitimate.
In this particular exploitation, it tricks the computer/device into believing that a malware program is a legitimate program from Microsoft and is safe to be installed. Once in, this malware can roam freely unless your anti-virus is aware of the particular profile of this piece of malware. This is what makes this nasty, the “virus” is the fake certificate that Windows will accept, but the underlying malware can be anything.
So, what to do? First and foremost, update all your Windows PCs and devices with the latest OS update if not already done (for example, if you have automatic updates enabled). That will close this particular door on enabling malware to enter your computer. Remember: Always make sure to keep your OS and applications up-to-date.
The next question is: Are you infected already? That’s really an unknown and where your anti-virus software comes in. A large-scale infestation of malware will be detected, understood and profiles written by the anti-virus software vendors. Again, it critical that you keep your anti-virus up-to-date.
Here are some links for further information:
- MSNBC article (last update June 6, 2012)
- Microsoft alert (June 3, 2012)
- Blog entry from Sophos Naked Security blog
In a future post, I’ll dive a little more into the issue of bogus certificates and the implications on e-commerce.
Comments and questions welcome …