First STUXNET, now FLAME???



drawkcab
June 11th, 2012, 08:28 PM
Has anyone been following the recent discovery of this new super virus they're calling Flame which is apparently related to Stuxnet?

http://www.techspot.com/news/48886-flame-malware-subverts-windows-updates-infects-networked-pcs.html

If you've come across any good stories on Flame, please post them!

CharlesA
June 11th, 2012, 09:43 PM
https://insanitybit.wordpress.com/?s=flame

*hides*

fatality_uk
June 11th, 2012, 09:56 PM
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2


http://www.mitchellcharlesworth.co.uk/media/47685/we're%20all%20doomed%20(200x193).jpg

drawkcab
June 11th, 2012, 10:23 PM
Nice posts. This is fascinating.

wilee-nilee
June 11th, 2012, 10:24 PM
https://insanitybit.wordpress.com/?s=flame

*hides*

Hehe state sponsored.


Dragonbite
June 12th, 2012, 01:54 PM
Has anyone been following the recent discovery of this new super virus they're calling Flame which is apparently related to Stuxnet?

http://www.techspot.com/news/48886-flame-malware-subverts-windows-updates-infects-networked-pcs.html

If you've come across any good stories on Flame, please post them!

Do you mean THIS flame?
http://www.wired.com/threatlevel/2012/05/flame/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29


Like how it was a joint venture of the American and Israeli governments to sabotage Iran's nuclear facilities?
http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/

*Please, no politics. The article is stating their relationship and admission, but please do not force the thread to be closed due to political talk.*

Or that it was assigned an old Microsoft Windows Terminal Client certificate and can infect a fully up-to-date patched Windows?
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/

Or that it can spoof itself as a Windows update?
http://news.cnet.com/8301-10805_3-57447277-75/flame-virus-can-hijack-pcs-by-spoofing-windows-update/?part=rss&subj=news&tag=title

Yeah, I've been kinda following it ;)

Hungry Man
July 19th, 2012, 06:53 PM
https://insanitybit.wordpress.com/?s=flame

*hides*

Oh, my article =p I wrote that the day it hit the news so it's a bit out of date.

I remember people saying it wasn't anything special and probably wasn't state sponsored. I bet they feel silly.

I suspected then that it was a US project as it used the vulnerabilities common to Stuxnet and was made years back. It later became obvious that it was a large project as they spent hundreds of thousands of dollars to create an MD5 hash collision in order to spoof the Windows Update and infected fully patched Windows 7 machines.

Attacks like Flame are uncommon. This attack likely cost over a million dollars in terms of development time/resources and computing resources.

But it is a nice reminder that no system is immune. This attack went after what should have been a secure system - Windows Update, but due to (the inevitable) errors in the system they were able to exploit it using a very costly hash collision.

Windows now has a way more secure update system and an attack like this isn't likely to happen again - they've just driven up the cost for attacking Windows Update a massive amount. It's not outside of the US budget to do it, it's just way more costly.