Flame virus could delete files, as well as copy them

By Graeme Burton
22 Jun 2012

The Flame virus, discovered in Iran in May, was able to completely wipe data from infected PCs, according to Symantec security researcher Vikram Thakur.

The company has found a component that enables operators to delete files from computers, disabling applications or removing sensitive files, Thakur told Reuters. "These guys have the capability to delete everything on the computer," he said. "This is not something that is theoretical."


Prior to Thakur's revelation, it was believed that Flame was designed only to eavesdrop on computer activity by recording conversations and stealing data.

The Flame virus is beginning to yield its secrets as security researchers take it apart and investigate its properties. Earlier in the month, Eugene Kaspersky, CEO of anti-virus software supplier Kaspersky Labs, said that his company's researchers had found code in Flame that was nearly identical to that found in Stuxnet.

Recent press reports based on leaks from the US government have suggested that both Stuxnet and Flame were the work of intelligence agencies, which, in the mid-2000s, were authorised by President George W Bush to use cyber warfare to disrupt Iran's growing nuclear programme.

Some specialists have also speculated that the creators of both items of malware would have needed access to Windows source code in order to craft their attacks.

Flame was able to spread almost undetected because it abused a weakness in the way Windows Update authenticates what it installs: carrying a certificate that appeared to have been issued by Microsoft, it could be delivered to target computers as though it were a legitimate update, without users' knowledge. Arriving through that trusted channel also helped keep it under the radar of anti-virus and other security software.

Furthermore, the weakness that Flame exploited – a flaw in the MD5 hash algorithm used when certificates are signed and later verified – is not confined to Windows Update: MD5-signed certificates are in widespread use across IT to authenticate servers, to sign code and even to grant virtual private network (VPN) access.

Indeed, encryption and certificate management software and services supplier Venafi has claimed that MD5 is used in almost all major organisations. Venafi CEO Jeff Hudson has warned that it needs to be completely removed in order to neutralise the threat posed by hackers taking advantage of the flaw.

With Flame having demonstrated that the weaknesses in MD5 can be exploited in practice, Hudson has warned, hackers will already be crafting new attacks that do the same.
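Removing MD5, as Hudson recommends, starts with finding where it is still used. The following Python is an added example, not code from the article or from Symantec or Venafi: it reads the signatureAlgorithm field of a DER-encoded X.509 certificate with a minimal hand-written DER walker (no third-party library) and flags the MD5-based signature OIDs. The certificates it is run on here are stub structures constructed inline for the demonstration, not real certificates, and the helper names are the author's own.

```python
"""Flag X.509 certificates whose signature uses an MD5-based algorithm.

Added example. Parses only as much DER as is needed to reach
Certificate.signatureAlgorithm.algorithm (RFC 5280), so it has no
dependencies beyond the standard library.
"""
import base64
import re

# Signature-algorithm OIDs built on MD5 (and MD2, which is no better).
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.3.14.3.2.3": "md5WithRSA (OIW)",
}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end, next_pos) for the DER TLV at pos."""
    tag = buf[pos]
    pos += 1
    length = buf[pos]
    pos += 1
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length


def _decode_oid(raw):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    parts = [str(raw[0] // 40), str(raw[0] % 40)]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last base-128 digit of this arc
            parts.append(str(value))
            value = 0
    return ".".join(parts)


def signature_algorithm_oid(der):
    """Extract Certificate.signatureAlgorithm.algorithm from a DER certificate."""
    tag, start, _end, _ = _read_tlv(der, 0)            # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, _, pos = _read_tlv(der, start)               # tbsCertificate: skipped whole
    tag, alg_start, _, _ = _read_tlv(der, pos)         # signatureAlgorithm ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_start, oid_end, _ = _read_tlv(der, alg_start)  # algorithm ::= OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(der[oid_start:oid_end])


def pem_to_der(pem):
    """Strip PEM armour and base64-decode to DER."""
    return base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", pem))


def check_certificate(der):
    """Return (ok, detail): ok is False when the signature algorithm is MD5/MD2-based."""
    oid = signature_algorithm_oid(der)
    if oid in WEAK_SIGNATURE_OIDS:
        return False, WEAK_SIGNATURE_OIDS[oid]
    return True, oid


# --- constructed test data: a structurally valid but unsigned stub certificate ---

def _der(tag, content):
    """Encode one DER TLV (content up to 65535 bytes)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + content


def _der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    arcs = [int(p) for p in dotted.split(".")]
    body = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        body += bytes(reversed(chunk))
    return _der(0x06, body)


def make_stub_certificate(sig_oid):
    """Constructed sample (hypothetical): Certificate shell with the given signature OID."""
    tbs = _der(0x30, _der(0x02, b"\x01"))              # tbsCertificate holding a bare serialNumber
    alg = _der(0x30, _der_oid(sig_oid) + b"\x05\x00")  # AlgorithmIdentifier { oid, NULL }
    sig = _der(0x03, b"\x00" + b"\x00" * 128)          # signatureValue BIT STRING (dummy)
    return _der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(oid, check_certificate(make_stub_certificate(oid)))
```

On a real estate the same `check_certificate` is run over every leaf and intermediate certificate exported from servers, code-signing stores and VPN concentrators; a single MD5-signed intermediate anywhere in a chain is enough to matter, since that is the link a collision attack targets.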
