On 06/08/12 15:50, l duynslager wrote:
>
>
> Source:  SANS NewsBites   June 8, 2012   Vol. 14, Num. 046
>
> ************************************************************************
>
> THE REST OF THE WEEK'S NEWS
> --Flame Malware Extinguishes Itself
> (June 7, 2012)
> The people behind the Flame malware network appear to have responded to
> recent publicity by sending out a command that has caused it to
> self-destruct. Some of the command-and-control servers in Flame's
> infrastructure sent out a file that is essentially a Flame
> uninstaller, which also overwrites the disk with random characters to
> help disguise its footprint.
>
> http://www.theregister.co.uk/2012/06/07/flame_suicide_command/
> http://news.cnet.com/8301-1009_3-57448813-83/flame-authors-force-self-destruct/
> [Editor's Note (Honan): This malware contains lots of interesting
> techniques including its ability to use an MD5 chosen-prefix collision
> attack. "Crypto breakthrough shows Flame was designed by world-class
> scientists"
> http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/]

This is misleading, at best.  The folks who control *this* version of Flame
have indeed apparently done something to Flame, but that hardly means
that all Flames are going to obey.  No one has any idea of what Flame is,
not really--there are already alternate versions of it, and likely there
will be hundreds in the future.

If you have any doubts about this, look for the Virtumonde virus.  I
first encountered it around Christmas time in 2009, I think it was.  By
that time the following year there were at least 30 variants, and it
had improved tremendously in terms of protecting itself from removal.

Once things like this are in the wild they don't go away.  I'm rather
surprised that SANS would have said this in this way.

--STeve Andre'