DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts


js3811 05-06-12 17:50

Hackers Fake Microsoft Update; Spread Malware
 
C/P

by Brandon Dimmel

Cyber-crooks have reportedly used fake Microsoft credentials to spread the new Flame malware. In response, Microsoft has issued an 'emergency security advisory', along with a guide telling people how to protect their computer systems and networks.

The Flame virus is a bit unusual, in that it is designed to steal data rather than corrupt or take down computer systems.

Described by researchers at Kaspersky Lab as a "complete attack toolkit," the Flame virus is considered by many to be an even bigger security threat than the massive Stuxnet worm, which it closely resembles.

Flame Masquerades as Legitimate Microsoft Code

Although it was dangerous before, Flame now poses an even bigger risk. The cybercriminals behind it have successfully configured their virus to use legitimate Microsoft credentials to help it slip under network defenses.

In a recent post on the Microsoft Security Response Center blog, Microsoft stated: "We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft." (Source: pcmag.com)

Experts believe that the people behind Flame have found and exploited a new flaw in the Terminal Server Licensing Service used by many IT administrators to authorize Remote Desktop services on Windows-based networks.

Because most IT systems accept legitimate Microsoft code by default, the Flame virus -- which can now appear legit to network defenses -- is often accepted and passed through to vulnerable computer data and systems.

Microsoft Sends Emergency Security Advisory

To combat this new danger, Microsoft has now released an Emergency Security Advisory that explains in great detail exactly how IT administrators can block any of Flame's rogue security certificates from gaining unauthorized access to networks.

But for some IT administrators, this may be too little, too late. nCircle security expert Andrew Storms warns that the "discovery of a bug that's been used to circumvent Microsoft's secure code certificate hierarchy is a major breach of trust," and points out that "it's a big deal for every Microsoft user." (Source: pcworld.com)

However, Flame is a highly targeted form of malware, so the systems of most home users are not likely to be targeted by those who designed this potent virus.

Storms believes the sophisticated nature of Flame's most recent attack lends weight to the theory that the hackers behind it represent a nation-state, meaning they may have the financial backing of a powerful government.
Code:

http://www.infopackets.com/news/business/microsoft/2012/20120605_hackers_fake_microsoft_update_spread_malware.htm
Take care.

photostill 05-06-12 19:26

Re: Hackers Fake Microsoft Update; Spread Malware
 
Interesting. I've been following Stuxnet, Duqu, and Flame since they hit the recognition horizon.

Stuxnet was hallmarked by plug-in type modules, which is what led researchers to realize these were professional programmers. That's the way professionals do it. They will take premade stuff and plug it into their work, saving time and effort. Script kiddies and part-timers don't do that. They tend to write it all themselves.

Much of Stuxnet is also hallmarked by programmer teams doing the development. It's too much code for one guy working in a room by himself. Plus there is the part about the unidentified language at the time of reverse engineering. Some of the code looked to be a totally new language. Only after the public was asked to ID the code did it turn out to be older Visual C code. No recent programmers use the obsolete language and that was why no one recognized it. This means the programmers were older folk, not young ones.

Now Flame is a different animal, in that it's huge for a malware in size. It has the capability of plug-in modules to be activated on command, or to download what is needed. It can take screenshots, once every second or so; it can even self-destruct, taking all evidence it was ever there.

But what is of real interest here is that the signed certificate is now showing its vulnerability. Not too long ago, a year or so, it was found out the Dutch firm had its certificate issuing compromised. So damaging was it that the company went out of business. But signed certificates have been how much of the valid updates and security has been run. It's now proving to be a liability as much as a one-legged man is to a caravan.

Because it's been now shown how to look legal. Don't think for a minute they won't be reverse engineered to find out how and why they do what they do. At some point, all this malware is going to become the stock and tools of trade for the malware writers. At that time, either we better have a secure computer/connection, or we better be off the net. There won't be anywhere online safe for computer users as they are configured and used today.

js3811 05-06-12 20:12

Re: Hackers Fake Microsoft Update; Spread Malware
 
Hey P,
Very interesting. I didn't know about the old Visual C code. Who woulda thunk it. Thanks for your input.

Take care.

