Some interesting developments re. the Flame malware (MP3, 44MB) recently covered on the Security Now podcast. For a start, it now seems to be produced out of the same shop that brought you Stuxnet (i.e. it would seem to be government sponsored). And how is this for nasty:
* Has a forged (but valid) certificate from Microsoft.
* Installs itself as a proxy / man in the middle against the Windows Update service.
* Signs its own malicious components using the forged Microsoft certificate, and hands them off as updates.
Microsoft has reacted by introducing automatic updates to their list of untrusted/revoked certificates, creating a certificate specifically for signing updates to the Windows Update client, no longer allowing Windows Update to operate via a proxy, and giving advance notice that they are going to kill ALL certificates using 1024-bit keys or less, whether you like it or not.
When governments break their own laws, it seriously makes me not want to pay tax.