Flame virus exploits Windows bug, Microsoft issues software fix

Flame virus has waged a cyber war against countries in the Middle East. Although it follows the recent cyber attacks by Stuxnet and Duqu, is said to be 20 times larger than Stuxnet. Microsoft has now issued a warning that a bug on Windows PCs allow them to be infected by Flame. The company has also released a software fix to fight the espionage. 

The most recent reports reveal that the cyber threat Flame poses as a legitimate program built by Microsoft. The chief research scientist with security firm, Accuvant said that cyber weapons that bear the fake Microsoft code will either stop working or lose some of their camouflage. The Flame’s code includes a digital certificate. This certificate was falsely identified as Microsoft’s piece of software. The malicious creators of the virus may have obtained the certificate by manipulating a component of the Windows operating system, called terminal services licensing (TS licensing). This component has been crafted to authorize business customers to use advanced features of Windows.

 Windows bug opens door for Flame virus....

A bug in TS licensing let the hackers use it to create fake certificates, which identified Flame as being from Microsoft, Mike Reavey, a Senior Director with Microsoft's Security Response Center revealed. Experts say that this method is elegant and there could be other cyber weapons that are yet to be identified. "It would be logical to assume that they would have used it somewhere else at the same time," stated Mikko Hypponen, Chief Research Officer for security software maker F-Secure. While a spokeswoman for Microsoft refused to talk on if other viruses had exploited the same flaw in Windows or if the company's security team was looking for similar bugs in the operating system.

The Flame virus was identified lately by the Kaspersky Labs. The virus is capable of copying whatever you enter on the keyboard and view on the computer screen. On infecting a system, Flame begins with its set of complex operations, which is inclusive of sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and even monitoring the display. The information is then sent to a network of command-and-control servers located in many different parts of the world.

Reuters