Windows Thread, Flame Malware in Technical
  1. #1

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346

    Flame Malware

    Hello all,

    Thought I'd make you all aware of a new malware called 'Flame', here are some details.

    It looks particularly nasty as it creates unauthorised certificates as if they came from Microsoft themselves. That's only going to cause trouble!

    This affects Windows XP/2003/Vista/2008/7/2008 R2, both x86 and x64.

    I suspect Windows 8 and Server 2012 will include the patch by default.

  2. 2 Thanks to Michael:

    mac_shinobi (12th June 2012), witch (11th June 2012)

  3. #2
    mmoseley's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    759
    Thank Post
    109
    Thanked 108 Times in 82 Posts
    Blog Entries
    2
    Rep Power
    45
    Yeah, saw this on the BBC website the other day... info here: BBC News - Flame: Attackers 'sought confidential Iran data'. Apparently it's been around for years, in some form or another....:/
    Last edited by mmoseley; 5th June 2012 at 10:31 PM.

  4. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    On a related issue, if you've set up WSUS as per my recommendations here, you'll find your servers should already be patched!

    2008 R2 installs the update without needing a restart. 2003 does need a restart to complete the update.

  5. #4


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,808
    Thank Post
    262
    Thanked 2,969 Times in 2,183 Posts
    Rep Power
    847

  6. #5

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    7
    These updates broke my WSUS and I cannot get anything to work again. I guess I will be rebuilding the server...
    Last edited by zlorimer; 11th June 2012 at 10:36 PM.

  7. #6


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,808
    Thank Post
    262
    Thanked 2,969 Times in 2,183 Posts
    Rep Power
    847
    Quote Originally Posted by zlorimer View Post
    These updates broke my WSUS
    Could it be proxy related?

    The company's Windows Server Update Services, which businesses and organizations use to deliver patches to large fleets of PCs, will no longer work through network proxies that use deep packet content inspection, Microsoft representatives said in an advisory published Friday afternoon. Such proxies act as man-in-the-middle devices that can peek inside encrypted traffic as it travels from a local network onto the Internet. Enterprises that have inspection servers in place will have to create exception rules so all Windows Update traffic is bypassed.

  8. #7

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    7
    Nah. We don't use proxies here. I cannot open the MMC using the Internal MS DB setup on WSUS3.0 SP2. I am thinking I am going to have to rebuild it because I cannot find any real answers or anything.
    Last edited by zlorimer; 11th June 2012 at 11:52 PM.

  9. #8

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    I've not had any problems applying the update to WSUS 3.0 SP2 on both 2003 and 2008 R2 servers. I'd try repairing the product and this should resolve it.

  10. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    And I just remembered, today is Patch Tuesday with 7 updates being released later today!

  11. #10

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,839
    Thank Post
    669
    Thanked 2,188 Times in 1,493 Posts
    Blog Entries
    19
    Rep Power
    900
    If this is the "Flame" I'm thinking of... It's a Stuxnet variant.

    That is to say, it's the same level of shenanigans and subterfuge... by the same people.


    Also: Stuxnet/Flame comparison
    Last edited by X-13; 12th June 2012 at 09:42 AM.

  12. #11

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    3,217
    Thank Post
    943
    Thanked 645 Times in 504 Posts
    Rep Power
    288
    See here... http://www.crysys.hu/skywiper/skywiper.pdf It's a very interesting in-depth article containing a comparison of Flame/Skywiper and Stuxnet; they are not the same at all, or even derived from each other. They contain some similar components and modes of operation but are very different beasts.

  13. #12

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,839
    Thank Post
    669
    Thanked 2,188 Times in 1,493 Posts
    Blog Entries
    19
    Rep Power
    900
    Quote Originally Posted by Oaktech View Post
    See here... http://www.crysys.hu/skywiper/skywiper.pdf It's a very interesting in-depth article containing a comparison of Flame/Skywiper and Stuxnet; they are not the same at all, or even derived from each other. They contain some similar components and modes of operation but are very different beasts.
    From what I've heard, and I may have misread, it's looking likely that it was made by the US/Iranian government... Like Stuxnet.

    This is what I was saying. If true, it looks like it's more cloak+dagger cyber shenanigans... and not really anything the average end-user needs to worry about.

  14. #13

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    3,217
    Thank Post
    943
    Thanked 645 Times in 504 Posts
    Rep Power
    288
    Quote Originally Posted by X-13 View Post
    From what I've heard, and I may have misread, it's looking likely that it was made by the US/Iranian government... Like Stuxnet.

    This is what I was saying. If true, it looks like it's more cloak+dagger cyber shenanigans... and not really anything the average end-user needs to worry about.
    Right ho...

    The finger has been pointed at the US and/or Israel for Stuxnet. Flame is significantly different in style, probably not the same group of coders, but a broadly similar idea. No one is really able to point the finger for Flame yet.

    Obviously it's not a great idea to have backdoor access software floating around on one's PC/network, but I agree that it is probably of very little concern for most people... it's got bigger fish to fry!

  15. #14

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    7
    Quote Originally Posted by Michael View Post
    I've not had any problems applying the update to WSUS 3.0 SP2 on both 2003 and 2008 R2 servers. I'd try repairing the product and this should resolve it.
    It seems to be a common problem. I will post up if I can find a fix, but just a forewarning to everyone, be careful.
    WSUS 3.0 SP2 will not run after installing update 2720211

  16. #15

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,345
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    Quote Originally Posted by zlorimer View Post
    It seems to be a common problem. I will post up if I can find a fix, but just a forewarning to everyone, be careful.
    WSUS 3.0 SP2 will not run after installing update 2720211
    Looking at that, I wonder if the common factor is admins using SQL 2008 instead of the Windows Internal Database (WID). I use WID in all instances.


