Flame and other malware should not make you feel dumb! – 06072012

How did they infect my machine and what did I do wrong?  It is hard to always see an infection coming on. We sometimes ignore the signs, but often we do not even see them. Worse is we are doing something we believe is good and then get infected.

It is just that the creators of Flame are taking advantage of users trying to keep their system up to date, by spoofing the update function of your computer. Check out Flame Used Windows Update Mechanism to Lure Victims at CIO Insight, or the original article at eWeek Flame Spoofed the Windows Update Mechanism to Infect Computers

In my first blog we wrote about the man in the middle, after reading this it is simply this:
Your PC tries to connect to Microsoft and is redirected through an infected machine that sends the Fake Update.  The process is a type of Hijack known as NetBios WPAD and appears to be well  known and published how to do it.  During the process of computer name resolution an infected machine will identify itself as the WPAD Server and send corrupted address information to the healthy machine and then cause it to go to a bad location for its updates.

This article does not give much of a response on how to prevent future attacks, it does show how sophisticated these attacks are.  Also, Microsoft says these attacks have prompted them to harden Windows Update Procedures, and and update was released to revoke some of Microsoft’s security certificates that have been identified as unauthorized certificates.

Some good info and some overly detailed about this infection, but as I opened with this much going on in the background no user should feel stupid over infections like this one.  you just can not see this one coming.

Shop Amazon – Father’s Day Gifts

Techie talk presented by the techies at www.end2endsupport.com and E2 Computers of Tarpon Springs.


Copyright 2014 Simply Reliable Solutions, llc and E2 Computers.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

End2End