The U.S. Department of Homeland Security is warning IT administrators and operators of industry control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.
DHS issued a Joint Security Awareness Report on Tuesday (PDF), saying that spoofed Windows Updates now represented an “avenue for compromised that may be used by additional attacks on systems not originally the focus of the (Flame and) sKyWIper malware.”
For owners and operators of industrial control systems, ICS-CERT and US-CERT recommended that administrators review a June 3 advisory from Microsoft and work with ICS equipment makers to install the update, and to do impact analysis and risk assessment of the vulnerability prior to taking action.