Flame: replication via Windows Update MITM proxy
Revision as of 17:57, 7 February 2015 by Eric.freyssinet (Text replacement - " www.securelist.com" to "")
Flame: replication via Windows Update MITM proxy | |
---|---|
Botnet | Flame |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / June 06, 2012 |
Editor/Conference | Kaspersky lab |
Link | http://www.securelist.com/en/blog/208193566/Flame_Replication_via_Windows_Update_MITM_proxy_server (Archive copy) |
Author | Aleks |
Type | |
Abstract
“The Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modules is controlled by Flame’s global registry, the database that contains thousands of configuration options.”
Bibtex
@misc{2012BFR1027,
  editor = {Kaspersky lab},
  author = {Aleks},
  title = {Flame: replication via Windows Update MITM proxy},
  date = {06},
  month = Jun,
  year = {2012},
  howpublished = {\url{http://www.securelist.com/en/blog/208193566/Flame_Replication_via_Windows_Update_MITM_proxy_server}},
}