Windows Thread, Flame Malware in Technical; Hello all, Thought I'd make you all aware of a new malware called 'Flame', here are some details . It ...
  1. #1

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340

    Flame Malware

    Hello all,

    Thought I'd make you all aware of a new malware called 'Flame', here are some details.

    It looks particularly nasty as it creates unauthorised certificates as if they came from Microsoft themselves. That's only going to cause trouble!

    This affects Windows XP/2003/Vista/2008/7/2008 R2, both x86 and x64.

    I suspect Windows 8 and Server 2012 will include the patch by default.

  2. 2 Thanks to Michael:

    mac_shinobi (12th June 2012), witch (11th June 2012)

  3. #2
    mmoseley's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    752
    Thank Post
    109
    Thanked 105 Times in 80 Posts
    Blog Entries
    2
    Rep Power
    43
    Yeah, saw this on the BBC website the other day... info here: BBC News - Flame: Attackers 'sought confidential Iran data'. Apparently it's been around for years, in some form or another... :/
    Last edited by mmoseley; 5th June 2012 at 09:31 PM.

  4. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    On a related issue, if you've set up WSUS as per my recommendations here, you'll find your servers should already be patched!

    2008 R2 installs the update without needing a restart. 2003 does need a restart to complete the update.

  5. #4


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,896
    Thank Post
    226
    Thanked 2,674 Times in 1,971 Posts
    Rep Power
    786

  6. #5

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    6
    These updates broke my WSUS and I cannot get anything to work again. I guess I will be rebuilding the server...
    Last edited by zlorimer; 11th June 2012 at 09:36 PM.

  7. #6


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    8,896
    Thank Post
    226
    Thanked 2,674 Times in 1,971 Posts
    Rep Power
    786
    Quote Originally Posted by zlorimer View Post
    These updates broke my WSUS
    Could it be proxy related?

    The company's Windows Server Update Services, which businesses and organizations use to deliver patches to large fleets of PCs, will no longer work through network proxies that use deep packet content inspection, Microsoft representatives said in an advisory published Friday afternoon. Such proxies act as man-in-the-middle devices that can peek inside encrypted traffic as it travels from a local network onto the Internet. Enterprises that have inspection servers in place will have to create exception rules so all Windows Update traffic is bypassed.

  8. #7

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    6
    Nah. We don't use proxies here. I cannot open the MMC using the Internal MS DB setup on WSUS3.0 SP2. I am thinking I am going to have to rebuild it because I cannot find any real answers or anything.
    Last edited by zlorimer; 11th June 2012 at 10:52 PM.

  9. #8

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I've not had any problems applying the update to WSUS 3.0 SP2 on both 2003 and 2008 R2 servers. I'd try repairing the product and this should resolve it.

  10. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    And I just remembered, today is Patch Tuesday with 7 updates being released later today!

  11. #10

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,094
    Thank Post
    592
    Thanked 1,953 Times in 1,351 Posts
    Blog Entries
    19
    Rep Power
    814
    If this is the "Flame" I'm thinking of... It's a Stuxnet variant.

    That is to say, it's the same level of shenanigans and subterfuge... by the same people.


    Also: Stuxnet/Flame comparison
    Last edited by X-13; 12th June 2012 at 08:42 AM.

  12. #11

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,807
    Thank Post
    774
    Thanked 547 Times in 427 Posts
    Rep Power
    260
    See here... http://www.crysys.hu/skywiper/skywiper.pdf It's a very interesting in-depth article containing a comparison of Flame/sKyWIper and Stuxnet; they are not the same at all, or even derived from each other. They contain some similar components and modes of operation but are very different beasts.

  13. #12

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,094
    Thank Post
    592
    Thanked 1,953 Times in 1,351 Posts
    Blog Entries
    19
    Rep Power
    814
    Quote Originally Posted by Oaktech View Post
    See here... http://www.crysys.hu/skywiper/skywiper.pdf It's a very interesting in-depth article containing a comparison of Flame/sKyWIper and Stuxnet; they are not the same at all, or even derived from each other. They contain some similar components and modes of operation but are very different beasts.
    From what I've heard, and I may have misread, it's looking likely that it was made by the US/Iranian government... Like Stuxnet.

    This is what I was saying. If true, it looks like it's more cloak+dagger cyber shenanigans... and not really anything the average end-user needs to worry about.

  14. #13

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,807
    Thank Post
    774
    Thanked 547 Times in 427 Posts
    Rep Power
    260
    Quote Originally Posted by X-13 View Post
    From what I've heard, and I may have misread, it's looking likely that it was made by the US/Iranian government... Like Stuxnet.

    This is what I was saying. If true, it looks like it's more cloak+dagger cyber shenanigans... and not really anything the average end-user needs to worry about.
    Right ho...

    The finger has been pointed at the US and/or Israel for Stuxnet. Flame is significantly different in style, probably not the same group of coders, but a broadly similar idea. No one is really able to point the finger for Flame yet.

    Obviously it's not a great idea to have backdoor access software floating around on one's PC/network, but I agree that it is probably of very little concern for most people... it's got bigger fish to fry!

  15. #14

    Join Date
    Dec 2011
    Location
    Bakersfield
    Posts
    14
    Thank Post
    4
    Thanked 4 Times in 3 Posts
    Rep Power
    6
    Quote Originally Posted by Michael View Post
    I've not had any problems applying the update to WSUS 3.0 SP2 on both 2003 and 2008 R2 servers. I'd try repairing the product and this should resolve it.
    It seems to be a common problem. I will post up if I can find a fix, but just a forewarning to everyone: be careful.
    WSUS 3.0 SP2 will not run after installing update 2720211

  16. #15

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by zlorimer View Post
    It seems to be a common problem. I will post up if I can find a fix, but just a forewarning to everyone: be careful.
    WSUS 3.0 SP2 will not run after installing update 2720211
    Looking at that, I wonder if the common factor is admins using SQL 2008 instead of the Windows Internal Database (WID). I use WID in all instances.
