PCWorld – (International) ‘Flame’ spread via rogue Microsoft security certificates. Analysis of the “Flame” code revealed that rogue Microsoft security certificates were used to make the malware appear as if it had been officially signed by Microsoft. Microsoft issued a security advisory on June 3, revoked trust in the rogue certificates, and provided steps to help IT admins and users prevent attacks that rely on the spoofed Microsoft certificates. A post on the Microsoft Security Response Center blog stated, “We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.” The Microsoft blog post explained that elements of Flame exploit a vulnerability in an old cryptography algorithm to make themselves appear as if they originated from Microsoft. Most systems around the world accept officially signed Microsoft code as safe by default, so the malware would enter unnoticed.
Ali Loney, on June 04, 2012