How The Flame Malware Stayed Hidden For So Long

Type threatpost
Reporter Paul Roberts
Modified 2013-07-24T18:00:52


The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.


The details of that attack include a completely novel method to defeat the MD5 hashing algorithm – putting to rest any question of whether those behind Flame were more than just callow opportunists.

While the technical details of the attack might make even the most tech-savvy reader’s eyes go fuzzy, antivirus expert Roel Schouwenberg of Kaspersky Lab sat with Threatpost editor Paul Roberts to talk about Flame and what’s changed in our knowledge of the malware in the last week.

Schouwenberg says that the use of Windows Update is a turning point. “Windows update is like something sacred,” Schouwenberg told Threatpost editor Paul Roberts. “Now we have this situation where somebody managed to push malware through Windows update. I think any of the Flame detractors that may have been saying that Flame wasn’t that interesting. I think that if you needed any more proof, here it is.”