Wednesday, June 6, 2012

Microsoft Update and The Nightmare Scenario

About 900 million Windows computers get their updates from Microsoft Update. In addition to the DNS root servers, this update system has always been considered one of the weak points of the net. Antivirus people have nightmares about a variant of malware spoofing the update mechanism and replicating via it.

Turns out, it looks like this has now been done. And not by just any malware, but by Flame.

The full mechanism isn't yet completely analyzed, but Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update or Windows Server Update Services (WSUS) system. If successful, the attack drops a file called WUSETUPV.EXE to the target computer.

This file is signed by Microsoft with a certificate that is chained up to Microsoft root.

Except it isn't signed really by Microsoft.

Turns out the attackers figured out a way to misuse a mechanism that Microsoft uses to create Terminal Services activation licenses for enterprise customers. Surprisingly, these keys could be used to also sign binaries.

- F-Secure Weblog