Windows Security Update!

As reported by SecurityWeek, the new Flame virus that has been wreaking havoc with computer systems in the Middle East has been using a fake Windows authentication certificate to redirect connections that appear to be Microsoft’s Windows Update to the malicious target servers.

The three modules of Flame (Snack, Gadget and Munch) download themselves as a fake update on the infected computer and then proceed to install themselves on the local machine.

These three modules work to infect other machines on the network, routing web traffic through the Flame-compromised computer first in an effort to spread the malware across as many machines in a network as possible. The Gadget module provides the necessary binary, signed by a certificate pretending to belong to Microsoft, in order to trick a Windows machine into accepting the “Update” connection in the first place.

Mike Reavey, senior director of the Microsoft Security Response Center, says that Microsoft is looking into the issue, as he detailed in his blog:

“To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution,” he added. “We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment.”

If you are concerned about your network or system’s ability to respond to emerging cyber threats, check out five must-have capabilities for controlling modern malware and stay tuned to our blog for all the latest in tech news.


Stefan Avlijas @ XiiTec in Vancouver