Flame malware, which mainly targeted computers in the Middle East, is spreading through fake Windows updates. Flame uses certificates that fool Windows into believing that the software is from Microsoft, and it spreads through Windows Update.
News of the Flame malware came a week ago, and cyber security experts described it as the most sophisticated malware discovered to date. Flame is believed to target computers in Iran and other Middle East countries. Security software companies have already issued updates to their software to identify and remove this malware.
Security experts believe that the initial infection of Flame may be related to a zero-day vulnerability, because fully patched Windows 7 machines were infected over a network. Aleks, a Kaspersky Lab expert, published a blog post explaining this. He writes that this is the main purpose of the special module of Flame called “Gadget” along with another module called “Munch.”
It’s important to understand that the initial Flame infection could still be happening through zero-day vulnerabilities. The “Gadget” module is simply used to spread within a network from a machine that is already infected with the malware.
The “Gadget” and “Munch” modules implement an interesting man-in-the-middle attack against other computers in a network.
When a machine tries to connect to Microsoft’s Windows Update, it redirects the connection through an infected machine and it sends a fake, malicious Windows Update to the client.
Microsoft says that the Flame malware “has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk.” However, the techniques used by Flame could also be used by other attackers to launch more widespread attacks, so Microsoft issued a security advisory on steps Windows users can take to block this malware. Microsoft also released an update that fixes the bogus certificates bug.
How to check if your system is infected with Flame / Flamer
Most security programs have already been updated to remove the Flamer malware from user PCs. Bitdefender has created a portable tool that allows users to check whether their systems have been infected with this sophisticated malware.
The program is portable and scans your system for Flame / Flamer infection. It is a good idea to scan your system with this tool.