What is the Flame virus and how to deal with it?
A new virus called Flame was discovered by the company "Kaspersky Lab". According to its representatives, this software is the most dangerous and complex of all that exists today.
For today it is known that the safestthe program is Kaspersky: the virus of the configuration in question can not destroy the protection system created by this antivirus. However, Microsoft specialists have already created a special patch for the Windows operating system. It is able to rid the computer of one of the most dangerous viruses - Flame.
This application is able to eliminate the certificates with which the Flame virus gets on the device with the newly installed Windows.
Microsoft experts do not know how cybercriminals got access to company certificates and how they managed to integrate malware into Windows.
It can not be ruled out that Microsoft's certificates fell into the hands of other scammers thanks to the creators of Flame. This, of course, can lead to additional problems.
The new patch has more options to preventspreading Flame, than to heal already infected computers. Malicious software worked with a special certificate that was stolen. Now the system is not capable of recognizing the certificate, and the virus does not install on the computer.
Based on the findings of the antivirus company Symantec,The Flame virus uses Bluetooth technology to monitor and intercept information from other devices. In a press release Symantec explains that the functionality that uses Bluetooth technology is implemented in a separate module BeetleJuice. It starts according to the values of the configuration parameters that are set by the attackers.
Find all available Bluetooth devicesis performed at startup. After the device is detected, its status is requested and parameters are recorded. Next, a Bluetooth beacon is configured. This means that when the Bluetooth is on, the infected computer is always visible by the virus.
With W32.Flamer encodes information about a computer that is being corrupted, and then stored in a special "description" field. If the environment is scanned by any other Bluetooth-enabled device, then a specific field is displayed, while completely giving itself out.
Symantec identified three scenarios in which the Flame virus uses Bluetooth:
1. In the zone of reach of the infected computer, constant monitoring of Bluetooth-devices. As a result, it is very easy for an attacker to get a list of various detected devices. In most cases - these will be mobile phones that are familiar to the victim. Thus, it is possible to trace the circle of communication of the victim.
2. Track the victim's location. Using a mobile phone, which is already known to the "attacker", passive monitoring is conducted and the victim's location is tracked.
3. Wider collection of information. With apps you can:
• enter the address book, which is in someone else's phone;
• read SMS messages;
• eavesdrop on the headset using a Bluetooth device;
• Stolen data can be transmitted through the communication channels of other devices.
All this allows you to bypass firewalls and network monitoring tools. That's why it is advantageous for an attacker to use his own Bluetooth device, which is a mile from the source.
Be vigilant that the Flame virus does not get into your mobile phone or computer.
</ p>
