It is pretty impressive that Flame (otherwise known as Flamer, sKyWIper, or Skywiper) is already in Wikipedia.
Flame is a fairly complex piece of malware used in sophisticated, targeted attacks. I am not going to try to reproduce what is already in Wikipedia, since it summarizes it very well:
The program is being used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab. of the Budapest University of Technology and Economics. The last of these stated in its report that “sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found.”
The attack uses unauthorized digital certificates derived from a Microsoft Certificate Authority. This issue affects all supported releases of Microsoft Windows. An unauthorized certificate could be used to do several things:
Microsoft released a security advisory very promptly at: http://technet.microsoft.com/en-us/security/advisory/2718704
This is one more example of why having automatic updates enabled is very important. If you do have automatic updates enabled, you don’t need to take much action because the KB2718704 update will be downloaded and installed automatically. Individuals who have not enabled automatic Windows updates must check for this update and install it manually.
Why is Flame getting so much attention and media coverage? Because Flame has some of the characteristics of Stuxnet and Duqu.
The Budapest University of Technology and Economics posted an excellent write-up titled “sKyWIper: A Complex Malware for Targeted Attacks”.
Additionally, Symantec posted a very detailed write-up of the anatomy of this malware.
The creators of this malware (Flame) used a very innovative method: injecting it into winlogon.exe, security software processes, and potentially other processes. Flame could also load shell32.dll, replacing this DLL in memory with a malicious DLL. It is also known to be able to capture screenshots of the target machine, and it has some clever anti-debugging tricks.
The following are some of the files that are part of this malware:
So far, there are two confirmed variants of the advnetcfg.ocx file.
This is still an ongoing investigation, and a lot of people call it “military-grade malware”. The good news is that there is a fix from Microsoft and that Flame is being successfully detected by several security and anti-virus products.
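For hosts without automatic updates, the manual check mentioned above can be scripted. The following PowerShell is an added example, not part of the original post or of Microsoft's advisory: it looks for the KB2718704 update and for matching certificates in the Untrusted Certificates store. The function name Test-Advisory2718704 is hypothetical, and the subject-name fragment is an assumption to confirm against the advisory text.

```powershell
# Added example (not from the original post): check one Windows host for the
# mitigation described in Microsoft Security Advisory 2718704.

$KbId = 'KB2718704'   # update named in the post

# Assumption: subject-name fragment of the revoked intermediate CA certificates;
# confirm it against the advisory before relying on a match.
$SubjectPattern = 'Microsoft Enforced Licensing'

function Test-Advisory2718704 {
    [CmdletBinding()]
    param(
        [string]$HotFixId = $KbId,
        [string]$Pattern  = $SubjectPattern
    )

    # 1. Is the update recorded as installed? Get-HotFix raises an error for an
    #    ID it cannot find, so suppress it and treat "no result" as "not installed".
    $hotfix = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue

    # 2. Are the CA certificates actually distrusted on this machine? The
    #    Untrusted Certificates store is exposed as Cert:\LocalMachine\Disallowed.
    $revoked = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        Where-Object { $_.Subject -like "*$Pattern*" })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        HotFixInstalled   = [bool]$hotfix
        InstalledOn       = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        DistrustedCaCount = $revoked.Count
        DistrustedCaCerts = $revoked | Select-Object Subject, Thumbprint, NotAfter
        # Flag the host only when neither signal is present.
        NeedsManualUpdate = (-not $hotfix) -and ($revoked.Count -eq 0)
    }
}

Test-Advisory2718704 | Format-List
```

The certificate-store result is the more direct evidence, because it shows what the machine distrusts regardless of how the revocation was delivered.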