Flame Virus Signed With Microsoft Root Authority Certificates

Microsoft on Monday released a high-priority Windows update and a security advisory after it was discovered that part of the Flame malware infecting computers throughout the Middle East were signed with trusted digital certificates that have been linked to the Microsoft Root Authority.

By improperly using Microsoft certificates the Flame malware could mislead a user into thinking they are installing a safe program while at the same time bypassing operating system safeguards. By bypassing safeguards the malware is then installed.

By updating per Microsoft’s request users will revoke two intermediate certificate authorities used in the malwares coding.

While Microsoft officially confirmed the use of the certificates the company did not reveal who had access to the certificates or discuss the possibility that the certificates may have been misused by authorized personnel.

The official Microsoft Security Research and Defense blog simply stated:

“What we found is that certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft.”

Microsoft also pointed out that Flame is not a traditional computer virus that will propagate easily to other computers and that most anti-virus programs will now pick up on the malware.

Computers infected with Flame are susceptible to network traffic sniffing, screenshot grabs, audio recordings and keystroke logging among other potential security threats. Flame is only capable of infecting Microsoft Windows based machines which is why Microsoft is urging all users to update their software as soon as possible.