The ‘Flame’ computer virus is the latest ‘supervirus’ to spread across networks in the Middle East. It is a massive piece of software that can eavesdrop on Skype conversations and capture screenshots, though the full extent of its capabilities won’t be known for some time.
What’s interesting about this virus is that it takes advantage of a previously unknown – or ‘zero-day’ – vulnerability in all versions of Microsoft Windows by convincing Windows that it’s a legitimate piece of trusted software.
To prevent this type of activity, Microsoft normally ‘signs’ its updates with a digital security certificate that refers back to trusted Root Certificate Authorities. Somehow, the creators of the ‘Flame’ virus were able to get a rogue certificate, which they used to sign their virus, convincing Windows that it is safe to run.
Microsoft immediately countered this with an update over the weekend (update 2718704) which we are pushing out to all of our clients.
The virus looks like it could be the work of a nation-state and is likely to be contained to the Middle East for the moment. Even so, if you’re really concerned about this you should run a manual Windows Update on your computers to repair the hole in Microsoft’s Digital Certificate system.
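To confirm the fix actually landed on a machine, the following PowerShell check is an added example, not part of the original post or Microsoft's tooling. It assumes the update takes effect by placing the rogue certificates in the machine's Untrusted Certificates store, and the 'Microsoft' subject filter is a heuristic because the post lists no thumbprints.

```powershell
# Added example: verify that update 2718704 took effect on this computer.
$kb = 'KB2718704'   # update number quoted in the post

# Check 1: is the update recorded as installed?
# A miss here is not conclusive on its own, so check 2 looks at the effect.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Check 2: inspect the machine's "Untrusted Certificates" store
# (Cert:\LocalMachine\Disallowed). Anything in this store is rejected
# during signature validation, regardless of which root it chains to.
# Assumption: filtering on 'Microsoft' in the subject is a heuristic to
# surface Microsoft-named entries; compare them with Microsoft's advisory.
$untrusted = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
    Where-Object { $_.Subject -like '*Microsoft*' })

# Summary object, suitable for collecting from many machines.
[pscustomobject]@{
    Computer                = $env:COMPUTERNAME
    UpdateListed            = [bool]$hotfix
    InstalledOn             = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    UntrustedMicrosoftCerts = $untrusted.Count
}

# List the distrusted entries for manual comparison.
$untrusted | Select-Object Subject, NotAfter, Thumbprint | Format-List
```

A machine that reports `UpdateListed = False` and zero untrusted Microsoft-named certificates should be sent through Windows Update again.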
For more information on the Flame virus, visit these links: