Microsoft has just revealed that the Flame virus has been spreading via rogue Microsoft security certificates. This is the reason it spread so prolifically and quickly in its attack on a number of Middle Eastern countries.
A critical analysis of the Flame cyber virus has just revealed that hijacked Microsoft security certificates were used to spread it. The certificates looked as if they had been signed by Microsoft, which made the malware look innocuous and is the reason it was so successful.
Some components of the Flame virus exploit a vulnerable feature of an old cryptographic algorithm used for certificates, which makes the virus look as if it has been authenticated by Microsoft.
The quick spread was also possible because a large number of systems around the world accept Microsoft-signed code as safe, so the malware could get into most systems easily.
In the wake of these revelations, Microsoft has revoked the rogue certificates and offered help to IT administrators so that attacks using the spoofed certificates can be stopped.
Basically, the Flame virus tapped into rogue certificates from Microsoft's Terminal Server, so its components appeared to have been verified by the software giant. The loophole in Terminal Server, which also allows remote desktop connections, is currently being repaired by a Windows patch.
Analysts looking at the breach at Microsoft Corporation (NASDAQ:MSFT) are of the opinion that the attack clearly shows how delicate the basis of every transaction over the internet is.
As soon as the revelations about the rogue certificates were made, Microsoft acted at once, announcing an advisory on the rogue code and giving steps that systems could take to disable the malware. Microsoft also released an update that does the same thing.
Microsoft Corporation (NASDAQ:MSFT) has also ensured that the Terminal Server Licensing Service no longer issues certificates that can sign code. Therefore, malware that uses the rogue certificates obtained from Terminal Server will not be accepted as Microsoft-signed.
Computer security experts have expressed great concern at the focus and sophistication that the Flame virus showed. This is because the worm, which was first discovered by Kaspersky Lab researchers, can take screenshots of a computer's activity, steal data, and listen in on audio conversations.
The Flame virus, which affected countries in the Middle East as well as Iran, is seen as a new form of cyber war, and there are rumors that a nation state may have been responsible for the worm, since the sophisticated malware, which was kept under wraps for over a year and a half, could have been prized on the black market.
However, Microsoft was of the opinion that its customers were not at great risk, since the virus can be detected by a large number of antivirus programs. Nevertheless, the software giant added that the techniques employed by the worm could be used by other attackers to launch massive attacks the world over.