http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/

By Kim Zetter
Threat Level
Wired.com
03.01.13

When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, there was probably no one more concerned about the discovery than Microsoft, after realizing that the tool was signed with an unauthorized Microsoft certificate to verify its trustworthiness to victim machines. The attackers also hijacked a part of Windows Update to deliver it to targeted machines.

After examining the nature of the certificate attack and everything the malicious actors needed to know to pull it off, Microsoft engineers estimated that they had about twelve days to fix the weaknesses it exploited before other, less sophisticated actors would be able to repeat the attack on Windows machines.

But then Microsoft conducted some tests to recreate the steps that copycat attackers would have to follow and discovered that it would take just three days in fact to repeat the Windows Update and certificate portion of the attack in order to deliver other signed malware to victim machines.

“So that’s when we switched to Plan B,” says Mike Reavey, senior director of the Microsoft Security Response Center, speaking at the RSA Security Conference on Thursday.

[...]

Received on Sun Mar 03 2013 - 22:42:42 PST