It is pretty impressive that Flame (otherwise known as Flamer, sKyWIper, or Skywiper) is already in Wikipedia.
Flame is a fairly complex piece of malware used in sophisticated, targeted attacks. I am not going to try to reproduce what is already in Wikipedia, since it summarizes it very well:
The program is being used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab. of the Budapest University of Technology and Economics. The last of these stated in its report that “sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found.”
The attack uses unauthorized digital certificates derived from a Microsoft Certificate Authority. This issue affects all supported releases of Microsoft Windows. An unauthorized certificate could be used to do several things:
Microsoft released a security advisory very promptly at: http://technet.microsoft.com/en-us/security/advisory/2718704

This is one more example of why having automatic updates enabled is very important. If you have automatic updates enabled, you don’t need to take much action because the KB2718704 update will be downloaded and installed automatically. Individuals who have not enabled automatic Windows updates must check for this update and install it manually.

Why is Flame getting so much attention and media coverage? Because Flame has some of the characteristics of Stuxnet and Duqu.

The Budapest University of Technology and Economics posted an excellent write-up titled “sKyWIper: A Complex Malware for Targeted Attacks”. Additionally, Symantec posted a very detailed write-up of the anatomy of this malware.

The creators of Flame used a very innovative method of injecting the malware into winlogon.exe, security software processes, and potentially other processes. Flame can also load shell32.dll and replace that DLL in memory with a malicious one. It is also known to be able to capture screenshots of the target machine, and it has some clever anti-debugging tricks.

The following are some of the files that are part of this malware:
So far, there are two confirmed variants of the advnetcfg.ocx file.
This is still an ongoing investigation, and a lot of people call it “military-grade malware”. The good news is that there is a fix from Microsoft, and the malware is being successfully detected by several security and anti-virus products.
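To verify on a given Windows host that the Microsoft fix is in place and to do a quick sweep for the component file named above, here is an added PowerShell check (example code written for this post, not from Microsoft or any of the cited reports). It assumes that the intermediate CA certificates revoked by advisory 2718704 carry "Microsoft Enforced Licensing" in their subject and are placed in the machine's Untrusted store (Cert:\LocalMachine\Disallowed), and that advnetcfg.ocx, if present, would sit somewhere under the Windows directory.

```powershell
# Added example: post-advisory check for KB2718704 / Security Advisory 2718704.
# Run from an elevated PowerShell prompt on the host you want to verify.
# Assumptions: revoked CA subjects contain "Microsoft Enforced Licensing" and live in
# the Untrusted (Disallowed) store; the Flame component name comes from the post above.

function Test-Kb2718704 {
    # True when the update that revokes the rogue intermediate CAs is installed.
    $hotfix = Get-HotFix -Id 'KB2718704' -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

function Get-RevokedLicensingCerts {
    # Certificates the update pushed into the Untrusted store. An empty result on a
    # host that should be patched means the revocation has not landed yet.
    Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' |
        Where-Object { $_.Subject -like '*Microsoft Enforced Licensing*' } |
        Select-Object Subject, Thumbprint, NotAfter
}

function Find-FlameComponent {
    # File-name sweep for the component named in the post. The search location is an
    # assumption; a hit warrants full incident-response triage, and a miss proves
    # nothing on its own because this is only one of several component names.
    param([string]$Name = 'advnetcfg.ocx')
    Get-ChildItem -Path $env:windir -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

if (Test-Kb2718704) {
    Write-Host 'KB2718704 is installed.'
} else {
    Write-Warning 'KB2718704 is NOT installed: run Windows Update or install it manually.'
}

$revoked = Get-RevokedLicensingCerts
Write-Host ("Revoked Enforced Licensing CA certs in Untrusted store: {0}" -f @($revoked).Count)
$revoked | Format-Table -AutoSize

$hits = Find-FlameComponent
if ($hits) {
    Write-Warning 'advnetcfg.ocx found; isolate the host and escalate to incident response:'
    $hits | Format-Table -AutoSize
} else {
    Write-Host 'No advnetcfg.ocx found under the Windows directory.'
}
```

On a patched host the hotfix check passes and the Untrusted store lists the revoked certificates; on an unpatched host both signals are absent and Windows Update is the fix.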