Ramblings of an old Doc


It’s like a car wreck. You can’t stop watching. Well… I can’t, anyway.

Symantec has been watching certain “infected” computers very closely to see what they’d do while infected with the “Flame” virus/Trojan.

So, earlier in the week, they noticed that certain Command and Control (C&C) computers sent an urgent command to the infected PCs they were controlling. The key piece here is that the C&C computers didn’t ‘know’ that some of their victims were no longer under their control, but had been retaken by Symantec.

The C&C computers had sent a “suicide” activation message to the infected computers which would completely remove “Flame” from them, overwriting the space “Flame” was on with gibberish, and leave not a trace behind.

What else is new about “Flame”? It has a distinction (of sorts). It’s a groundbreaking pioneer: Flame is the first malware known to use an MD5 “chosen-prefix collision attack” (an obscure cryptographic technique; see the Ars Technica reference below), although the technique was first described in 2008.

Just because the “self destruct” message was sent to “Flame”, don’t think this is over. It isn’t. Getting the genie back in the lamp isn’t that easy.

Sources:

http://www.bbc.com/news/technology-18365844

http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/

http://news.softpedia.com/news/Experts-Name-Flame-s-MD5-Chosen-Prefix-Collision-Attack-Unknown-274218.shtml

http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx


Comments
on Jun 10, 2012

Trying to put the lid on, eh?

on Jun 10, 2012

My admiration of the Mossad increases further.

on Jun 10, 2012

Sinperium
My admiration of the Mossad increases further.

I'd agree on general principle, but probably not in this case.

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1&ref=global-home

If true, would point a lot more towards the NSA being a key player. This doesn't mean it was alone in doing/developing it. It might have been a joint action and either could shut it down. Israel is a tech titan and this article hints that it might also have been involved: http://www.jpost.com/Defense/Article.aspx?id=271795

I just don't think it was done 'solo'.


on Jun 10, 2012

Collaboration is a good thing.  To quote from my old military days...

"We can neither confirm nor deny our involvement or lack of involvement in any alleged or actual activities."

Actually, the NSA is probably the most powerful global agency in existence in the world at this time.

on Jun 10, 2012

For all we know there is a Jake Foley running around.

on Jun 11, 2012

Closing the barn door after the cow has already left?