Flame Continues to Spread

Slide Show

Six Steps to Prevent Mobile Malware Attacks

Pardon the pun, but it seems the Flame malware is spreading like a wildfire. Over Memorial Day weekend, we were talking about Flame in relation to a Stuxnet-like attack on Iranian and other Middle Eastern networks. Today, the conversation turns to Flame spreading via a bogus Windows update.

 

Essentially, the malware is creating bogus certificates that fool Windows machines into thinking that parts of Flame are Microsoft products, according to PC World. Because Windows is fooled, it allows the malware into the system. And even though I always preach about the importance of patching and having good (and updated) anti-malware protection, this is an instance where the rule doesn't matter. Flame is infiltrating even fully patched machines.

 

Microsoft has responded quickly to the problem. The company released a security advisory on Sunday and has developed a patch to reject the bad certificates. This story should act as an alert, or at least a good reminder, that bad guys frequently use rogue certificates as a means of implanting viruses. Jeff Hudson, CEO at Venafi (a certificate management company), told me in an email:

Certificates exactly like the ones compromised as part of the Flame malware, are used everywhere in organizations worldwide today and are vulnerable to the exact same compromise. If organizations do not have an automated management system in place, the likelihood of a catastrophic event is very high. Also, when the event occurs, recovery and remediation will take a very long time. Just like you need to manage and keep software up to date, you need to do the same thing with certificates.

Hudson also provided the following examples of best practices to protect your system from rogue certificates:

 

  • Cohesive and Organized Management: Managing digital certificates and encryption keys takes effort from management, especially when multiple people are involved in the process. Errors can have serious operational and security ramifications, such as system outages or security compromises. Fortunately, you can do much to eliminate management errors and ensure success.
  • Establish Policies to Maintain Compliance: To maintain compliance, organizations must set clear policies, educate all stakeholders on the policies' practical implementations and audit policy-related operations and compliance. Fortunately, if the enterprise is keeping up to date with policies and operations, there is little room for risk.
  • Implement Operational Best Practices: It is critical to ensure you're using effective processes that can be practically implemented and, where possible, automated, to reduce operational and security risk. Wherever possible, leverage management tools to improve security while reducing operational overhead. Fortunately, you can use automated systems to reduce cost and risks


 

I suspect we haven't heard the last of Flame. And although Microsoft has pointed out that the attacks so far have been targeted and most customers are not at risk, we have to think it is only a matter of time until someone figures out how to use Flame for their advantage. Better to be prepared for the worst rather than think it won't happen to you.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date