Flame: replication via Windows Update MITM proxy
(Publication) Google search: [1]
| Flame: replication via Windows Update MITM proxy | |
|---|---|
| Botnet | Flame |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / June 06,2012 |
| Editor/Conference | Kaspersky lab |
| Link | http://www.securelist.com/en/blog/208193566/Flame Replication via Windows Update MITM proxy server www.securelist.com (www.securelist.com Archive copy) |
| Author | Aleks |
| Type | |
Abstract
“ The Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modules is controlled by Flame’s global registry, the database that contains thousands of configuration options.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1027,
editor = {Kaspersky lab},
author = {Aleks},
title = {Flame: replication via Windows Update MITM proxy},
date = {06},
month = Jun,
year = {2012},
howpublished = {\url{http://www.securelist.com/en/blog/208193566/Flame_Replication_via_Windows_Update_MITM_proxy_server www.securelist.com}},
}