Microsoft issues Flame virus warning
Microsoft warned that a bug in Windows allowed PCs across the Middle East to become infected with the Flame virus and released a software fix to fight the espionage tool that surfaced last week.
Security experts said they were both surprised and impressed by the approach that the attackers had used, which was to disguise Flame as a legitimate program built by Microsoft. Kaspersky Lab, one of the researchers who helped to discover the Flame virus.
The creators of the virus obtained that certificate by manipulating a component of the Windows operating system known as terminal services licensing, or TS licensing, that is designed to authorize business customers to use advanced features of Windows.
A bug in TS licensing allowed the hackers to use it to create fake certificates that identified Flame as being from Microsoft, Mike Reavey, a senior director with Microsoft's Security Response Center, said in a blog post.
He feared that other hackers might be able to copy the technique to launch more widespread attacks with other types of viruses, Reavey said.
"We continue to investigate this issue and will take any appropriate actions to help protect customers," Reavey said in the blog post.
News of the Flame virus, which surfaced a week ago, generated headlines around the world as researchers said that technical evidence suggests it was built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010. Researchers are still gathering information about the virus.
Microsoft's warning is available at blogs.technet.com/b/msrc/
Microsoft warned that a bug in Windows allowed PCs across the Middle East to become infected with the Flame virus and released a software fix to fight the espionage tool that surfaced last week.
Security experts said they were both surprised and impressed by the approach that the attackers had used, which was to disguise Flame as a legitimate program built by Microsoft. Kaspersky Lab, one of the researchers who helped to discover the Flame virus.
The creators of the virus obtained that certificate by manipulating a component of the Windows operating system known as terminal services licensing, or TS licensing, that is designed to authorize business customers to use advanced features of Windows.
A bug in TS licensing allowed the hackers to use it to create fake certificates that identified Flame as being from Microsoft, Mike Reavey, a senior director with Microsoft's Security Response Center, said in a blog post.
He feared that other hackers might be able to copy the technique to launch more widespread attacks with other types of viruses, Reavey said.
"We continue to investigate this issue and will take any appropriate actions to help protect customers," Reavey said in the blog post.
News of the Flame virus, which surfaced a week ago, generated headlines around the world as researchers said that technical evidence suggests it was built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010. Researchers are still gathering information about the virus.
Microsoft's warning is available at blogs.technet.com/b/msrc/
0 comments:
Post a Comment