This story came out earlier this year. But it it is still in reports.
Using fake security certificates, the virus is able to use Microsoft's Windows Update service to infect computers.
CNET and others say the infamous Flame virus can infect secure PCs by its malicious payload that is not ACTUALLY an update from Microsoft.
As already known, Flame has gained power by tapping into security certificates for Microsoft's Terminal Server. Though they appear to be digitally signed by Microsoft, the certificates are actually cooked up by the crooks.
More details for the June 5 CNET story
http://news.cnet.com/8301-10805_3-57447277-75/flame-virus-can-hijack-pcs-by-spoofing-windows-update/
But the fake update can't affect you unless you already are partially infected, right?Quote from: Helpmeh on June 25, 2012, 09:33:31 AM
But the fake update can't affect you unless you already are partially infected, right?
Did you read the article? This is an old issue that has not been resolved. It is being under reported.
Do you never get any infections?
The fake update has a security certificate that will pass the test. So your virus scans and internet watchdog will not catch it.
Partially infested? Yes. it is a three step process. But how would you know if the first or second step is in place?
I regularly scan my system. But about once a moth something odd shows up. Most of then time the virus software takes care of it. Other times I have to pay attention and notice that the laptops not responding the way it used to.
What motivated me to post this here is to find out if others have had odd problems. Just last week I had a remarkable event that really took some work on my part.
After a big bunchy MS update , my wireless
DRIVER starting behaving strangely. Had to un install and re install it. Works good now. No evidence of what went wrong.
Quote from: Helpmeh on June 25, 2012, 09:33:31 AM
But the fake update can't affect you unless you already are partially infected, right?
Correct. Only machines infected with a particular trojan, which then makes changes to valid root certificates on the machine will be affected. The appearance of the malware in Windows Update only occurs after a machine is infected, which in and of itself is not surprising.
MS has since issued patches that prevent the Terminal
SERVICES service from issuing root certificates, which was how the trojan worked to allow Windows Update to work as a trojan downloader.
In actual fact, all it really circumvented was most firewall systems, which allow windows update through by default. Most trojans try to download it themselves, this one instead changed the system configuration to allow the download to occur as part of Windows Update.
Quote
Yes. it is a three step process. But how would you know if the first or second step is in place?
The root trojan downloader (or, rather, the root trojan download delegator, which does the task of making windows update download the malware) should set off any well-configured Anti-virus or malware program particularly as it tampers with root certificate authorities on the local machine.
I'm not really sure how a wireless driver behaving strangely is somehow relevant to this, either. A car analogy would be to note that car thieves steal stereos, and then note that your car's dipstick has crusty deposits on the end.Everybody read this:
http://support.microsoft.com/kb/2718704Quote
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory CONTAINS additional security-related information. To view the security advisory, visit the following Microsoft website:
http://technet.microsoft.com/security/advisory/2718704
The 2718704 was released June 5 and it relates to most versions of Windows. It is a very serious issue.