Some components of the Flame spyware worm were signed using forged Microsoft certificates, according to a recent investigation by Microsoft. These unauthorised digital certificates allowed the Flame developers to make the malware appear as if it was actually created and approved by Microsoft.
The company has already released an emergency patch via Windows Update to block the certificates used by Flame.
Mike Reavey, Senior Director of Microsoft's Security Response Center (MSRC), says that the malicious code was signed using the company's Terminal Server Licensing Service, which is used by corporate customers to authorise Remote Desktop services. While Reavey doesn't provide specific details on how the Flame developers were able to sign their code with such certificates, he does say that it has something to do with exploiting a weakness in "an older cryptography algorithm".
Read this full article at H Security
|
|
Only registered users can write comments.
Please login or register.
Powered by AkoComment!