How The Flame Malware Stayed Hidden For So Long

The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running Windows Vista and later versions of the OS. Microsoft also said that it will roll out some hardening changes to its Windows Update infrastructure to prevent the kind of man-in-the-middle attack that Flame used.

The U.S. Department of Homeland Security is warning IT administrators and operators of industrial control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.

Members of the hacktivist collective Anonymous resurfaced this week with a new campaign to expose suspected pedophiles on Twitter and get the site and its users to help root out other accounts linked to child pornography. In a Pastebin post, someone using the hashtag #Anonymous posted the Twitter handles for about 100 Twitter users, some with names like @Daddysinfulgirl and @lolitahussy.
