6/10/2012

Digital Suicide

The creators of the Flame malware have sent a "suicide" code that located every Flame file sitting on a PC, removed it and then overwrote memory locations with gibberish to thwart forensic examination.

Security firm Symantec caught the command using booby-trapped computers set up to watch Flame's actions. Flame came to light after the UN's telecoms body asked for help with identifying a virus found stealing data from many PCs in the Middle East.

New analysis of Flame reveals how sophisticated the program is and gives hints about who created it.

Flame's creators do not have access to all of their command-and-control (C&C) computers, as security firms have won control of some of them. The "suicide" command was "designed to completely remove Flame from the compromised computer".

According to cryptographic experts, Flame is the first malicious program to use an obscure cryptographic technique known as "prefix collision attack". This allowed the virus to fake digital credentials that had helped it to spread.

The exact method of carrying out such an attack was only demonstrated in 2008 and the creators of Flame came up with their own variant.
