Speculations
about the ‘most sophisticated cyber weapon yet unleashed’ especially in the
middle-east has remediation, exactly
interpreting Newton’s Third Law of motion “For every action there is an equal
and opposite reaction”. That’s why the antivirus giants are made for..!
Flame/W32
Malware
Cyber attacks are becoming increasingly
sophisticated through programs that can operate many actions remotely without
being detected easily. This Notice will illustrate the function of
“Worm.W32/FLAME” a malware targeting Windows based systems (XP, Vista and
Windows 7), presenting an incredible set of features that would capture
sensitive information and send it to remote servers for criminal, espionage or
other malicious activities.
I just reviewed our antivirus protection labs
online which says that we are protected with this outbreak. I confirmed to my colleagues for not to be panic as that our infrastructure running McAfee
ePO - McAfee DAT protection has taken care of this virus/malware coz. we were currently running 6727 Dat ver. released yesterday. The AV & ASpyware
coverage for W32/Skywiper was included in 6726 version itself.
[AV / MWG
Coverage is provided in the 6726 DATs released on May 29) as
"Skywiper"]
Spreading
method
The malware spreads via networks or removable
media; it may also hold different names as described in a table in the Appendix
B of this document.
Risks
The most direct and immediate risk
highlighted by this event is the theft of sensitive information or records. In
general, the risks are multiple when considering the number of existing or
upgradeable functions that this malware allows to plug-in.
Detection
Watch
carefully for the presence of the following files on your system:
1.
Perform a search for the file ~DEB93D.tmp. Its presence on a system means that
it either is or has been infected by Flame.
2. Check the registry key HKLM_SYSTEM\CurrentControlSet\Control\Lsa\ Authentication Packages.
If you find mssecmgr.ocx or authpack.ocx in there - you are infected with Flame.
3. Check for the presence of the following catalogs. If present - you’re infected.
C:\Program Files\Common Files\Microsoft Shared\MSSecurityMgr
C:\Program Files\Common Files\Microsoft Shared\MSAudio
C:\Program
Files\Common Files\Microsoft Shared\MSAuthCtrl
C:\Program
Files\Common Files\Microsoft Shared\MSAPackages
C:\Program
Files\Common Files\Microsoft Shared\MSSndMix
4. Perform a search for the following files:
svchost1ex.mof
Svchostevt.mof
frog.bat
netcfgi.ocx
authpack.ocx
~a29.tmp
rdcvlt32.exe
to961.tmp
authcfg.dat
Wpab32.bat
ctrllist.dat
winrt32.ocx
winrt32.dll
scsec32.exe
grb9m2.bat
winconf32.ocx
watchxb.sys
sdclt32.exe
scaud32.exe
pcldrvx.ocx
mssvc32.ocx
mssui.drv
modevga.com
indsvc32.ocx
comspol32.ocx
comspol32.dll
browse32.ocx
Recommendations/Risk
Mitigation
The following actions will help to contain and
remove the infection of the malware:
·
Patch your
Windows system, office applications and instant messenger applications
·
Update your
antivirus/antimalware solution
Virus
detected by AV software
The
malware can have various names and here is a list below with has been
identified with different naming:
Antivirus Result
AhnLab-V3 -
AntiVir TR/Flamer.A
Antiy-AVL -
Avast -
AVG -
BitDefender Trojan.Flame.A
ByteHero -
CAT-QuickHeal -
ClamAV -
Commtouch -
Comodo -
DrWeb Win32.HLLW.Flame.1
Emsisoft Worm.Win32.Flame!IK
eSafe -
F-Prot -
F-Secure Trojan.Flame.A
Fortinet -
GData Trojan.Flame.A
Ikarus Worm.Win32.Flame
Jiangmin -
K7AntiVirus EmailWorm
Kaspersky Worm.Win32.Flame.a
McAfee SkyWiper
McAfee-GW-Edition Artemis!BDC9E04388BD
Microsoft Worm:Win32/Flame.gen!A
NOD32 Win32/Flamer.A
Norman -
nProtect Worm/W32.Flame.6166528
Panda -
PCTools Malware.Flamer
Rising -
Sophos W32/Flame-Gen
SUPERAntiSpyware -
Symantec W32.Flamer
TheHacker -
TotalDefense -
TrendMicro WORM_FLAMER.A
TrendMicro-HouseCall -
VBA32 BScope.Trojan.MTA.01233
VIPRE Worm.Win32.Flame.a
ViRobot Worm.Win32.S.Flame.6166528
VirusBuster -
..
more Antivirus & Antispyware
..
more Antivirus Free recommended Downloads