It is pretty impressive that Flame (otherwise known as Flamer, sKyWIper, or Skywiper) already has a Wikipedia entry.
Flame is a fairly complex piece of malware used in sophisticated, targeted attacks. I am not going to try to reproduce what is already in Wikipedia, since it summarizes it very well:
The program is being used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab. of the Budapest University of Technology and Economics. The last of these stated in its report that “sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found.”
The attack uses unauthorized digital certificates derived from a Microsoft Certificate Authority. This issue affects all supported releases of Microsoft Windows. An unauthorized certificate could be used to do several things:
Microsoft released a security advisory very promptly at: http://technet.microsoft.com/en-us/security/advisory/2718704

This is one more example of why having automatic updates enabled is very important. If you have automatic updates enabled you don't need to take much action, because the KB2718704 update will be downloaded and installed automatically. Individuals who have not enabled automatic Windows updates must check for this update and install it manually.

Why is Flame getting so much attention and media coverage? Because Flame has some of the characteristics of Stuxnet and Duqu.

The Budapest University of Technology and Economics posted an excellent write-up titled “sKyWIper: A Complex Malware for Targeted Attacks”. Additionally, Symantec posted a very detailed write-up of the anatomy of this malware.

The creators of this malware (Flame) used a very innovative method, injecting it into winlogon.exe, security software processes, and potentially other processes. Flame could also load shell32.dll, replacing this DLL in memory with a malicious DLL. It is known to also have the ability to capture screenshots of the target machine. It also has some clever anti-debugging tricks.

The following are some of the files that are part of this malware:
So far, there are two confirmed variants of the advnetcfg.ocx file.
This is still an ongoing investigation, and a lot of people call it “military-grade malware”. The good news is that there is a fix from Microsoft and it is being successfully detected by several security and anti-virus products.
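As an added example (not part of the original post), here is a PowerShell check an administrator can run on a Windows host to confirm that the KB2718704 fix from advisory 2718704 is actually present. It assumes the Untrusted Certificates store (Cert:\LocalMachine\Disallowed) is where that update places the revoked certificates, and it leaves the comparison of listed subjects against the advisory text to the reader rather than hard-coding certificate names.

```powershell
# Added example, not code from the original post.
# Verifies two signals that the fix for Microsoft advisory 2718704 is in place:
#   1. the KB2718704 package appears in the installed-update list (Get-HotFix);
#   2. the Untrusted (Disallowed) certificate store contains Microsoft-issued
#      entries, which is where the update places the revoked CA certificates.
# Assumption: $IssuerPattern is only a coarse filter for the listing; the
# operator compares the returned subjects with the names in the advisory.
function Test-Advisory2718704 {
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB2718704',
        [string]$IssuerPattern = 'Microsoft'   # assumption: narrows the store listing
    )

    # Signal 1: is the update recorded as installed on this machine?
    $hotfix    = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $installed = $null -ne $hotfix
    $installedOn = if ($installed) { $hotfix.InstalledOn } else { $null }

    # Signal 2: Microsoft-issued certificates now sitting in the Untrusted store.
    # "Disallowed" is the PowerShell name for "Untrusted Certificates" in the MMC snap-in.
    $untrusted = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed -ErrorAction SilentlyContinue |
        Where-Object { $_.Issuer -match $IssuerPattern -or $_.Subject -match $IssuerPattern } |
        Select-Object Subject, Thumbprint, NotAfter)

    $status = if ($installed -and $untrusted.Count -gt 0) { 'patched' } else { 'needs attention' }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        KbInstalled           = $installed
        InstalledOn           = $installedOn
        UntrustedMicrosoftCAs = $untrusted
        Status                = $status
    }
}

# Run the check and show the result; Status is 'needs attention' when either
# signal is missing, so an unpatched host is not reported as clean.
Test-Advisory2718704 | Format-List
```

Get-HotFix only lists updates that Windows recorded as installed, so a missing KB entry on a host that still shows the revoked certificates in the Untrusted store is worth investigating rather than dismissing.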