What is the Flame virus and how to deal with it

A new virus called Flame has been detected by Kaspersky Lab. According to its representatives, this software is the most dangerous and complex of all that currently exist.

The Flame virus was designed to work against Iran’s nuclear program, but terrorists could take advantage of it. This software is able to disable Boeing 787 airborne systems.

Today it is known that Kaspersky is the safest program: a virus of this configuration cannot break the protection this antivirus provides. However, Microsoft has already created a special patch for the Windows operating system. It is able to rid the computer of one of the most dangerous viruses, Flame.


The patch is able to eliminate the certificates by which the Flame virus enters a device with a newly installed Windows.
Microsoft experts do not know how cybercriminals gained access to company certificates and how they managed to integrate malware into Windows.
It cannot be ruled out that Microsoft certificates fell into the hands of other scammers thanks to the creators of Flame. This, of course, can lead to additional problems.

The new patch does more to prevent the spread of Flame than to cure already infected computers. The malicious software worked with a special certificate that was stolen. Now the system no longer recognizes that certificate, and the virus will not install on the computer.

Based on the findings of the antivirus company Symantec, the Flame virus uses Bluetooth technology to monitor and intercept information from other devices. A Symantec press release explains that the functionality that uses Bluetooth technology is implemented in a separate BeetleJuice module. It starts according to the values of configuration parameters that are set by attackers.

All available Bluetooth devices are searched for at startup. After a device is detected, its status is requested and its parameters are recorded. Next, the module sets up a Bluetooth beacon. This means that when Bluetooth is turned on, the infected computer will always be visible.
W32.Flamer encodes information about the infected computer and then stores it in a special “description” field. If the surrounding area is scanned by any other Bluetooth-enabled device, this field is displayed, so the infected computer gives itself away completely.
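A defender can look for this beacon behaviour in periodic Bluetooth inquiry logs. The sketch below is an added example, not code from the article or from Symantec: it flags computers that stay discoverable in nearly every sweep while advertising a description that looks like encoded data. The log format, the device-class labels, the thresholds and the idea that the “description” field is available as a plain string are all assumptions.

```python
import math
import re
from collections import Counter, defaultdict

SWEEPS = 10  # number of periodic inquiry sweeps in the constructed log below

# Constructed sample log: (sweep_index, address, device_class, description).
SCANS = (
    [(t, "AA:00:00:00:00:01", "computer", "Q2k4Zm9vYmFyMTIzNDU2Nzg5MA") for t in range(SWEEPS)]
    + [(t, "AA:00:00:00:00:02", "computer", "Conference Room PC 4") for t in range(SWEEPS)]
    + [(t, "AA:00:00:00:00:03", "computer", "ZGV2LWJ1aWxkLWFnZW50LTAx") for t in (2, 3)]
    + [(t, "AA:00:00:00:00:04", "phone", "Anna's phone") for t in (0, 1, 5, 6, 7)]
)

def shannon_entropy(text):
    """Bits per character of the string's own character distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def looks_encoded(text, min_len=16, min_entropy=3.5):
    """Heuristic: a long, space-free, base64/hex-alphabet string with high entropy."""
    if len(text) < min_len or not re.fullmatch(r"[A-Za-z0-9+/=_-]+", text):
        return False
    return shannon_entropy(text) >= min_entropy

def flag_beacons(scans, total_sweeps, min_presence=0.9):
    """Return addresses of computers that are discoverable in nearly every
    sweep AND advertise a description that looks like encoded data."""
    seen = defaultdict(set)
    info = {}
    for sweep, addr, dev_class, description in scans:
        seen[addr].add(sweep)
        info[addr] = (dev_class, description)
    flagged = []
    for addr, sweeps in seen.items():
        dev_class, description = info[addr]
        always_visible = len(sweeps) / total_sweeps >= min_presence
        if dev_class == "computer" and always_visible and looks_encoded(description):
            flagged.append(addr)
    return sorted(flagged)

if __name__ == "__main__":
    for addr in flag_beacons(SCANS, SWEEPS):
        print("review host behind", addr)
```

A computer that is only briefly discoverable (for example while pairing) or that advertises a human-readable name is not flagged; a hit is a reason to inspect the host, not proof of infection.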


Symantec identified three scenarios in which the Flame virus uses Bluetooth:
1. Continuous monitoring of Bluetooth devices within range of the infected computer. As a result, it is very easy for an attacker to obtain a list of the detected devices. In most cases, these will be mobile phones belonging to people the victim knows. In this way, one can trace the victim’s social circle.
2. Tracking the location of the victim. Using a mobile phone that is already known to the attacker, passive monitoring is carried out and the victim’s location is tracked.
3. Wider collection of information. Using apps, it is possible to:

• enter the address book, which is located in someone else's phone;
• read SMS messages;
• eavesdrop on a headset using a Bluetooth device;
• transmit stolen data through the communication channels of other devices.

All this allows you to bypass firewalls and network monitoring tools. That’s why it’s beneficial for an attacker to use their own Bluetooth device, which is a mile from the source.

Be careful that the Flame virus does not get into your mobile phone or computer.

Source: https://habr.com/ru/post/C44885/

