As reported in an earlier post that pointed out the connection between Flame and Stuxnet, Flame has been called one of the most complicated pieces of malware ever written. Security analysts have also made clear that it might be a state-sponsored attack.
As Locutus reported earlier, some Gmail accounts have already been compromised, and Google now displays a warning about “state-sponsored attacks” to compromised users. The method of Flame’s attack may also remind us of the simple advice that many security experts, as well as bloggers, always give us: do not log in with Administrative privileges for daily usage. According to Microsoft, an attacker who is able to exploit the Windows vulnerability will be able to attain all the privileges held by the active user. So, it’s time to understand what everyone really meant by “do not login as Administrator”.
Since Flame was first detected, security firms have been working to provide updates and tools to remove it. Flame exploited certain security vulnerabilities in computers running the Windows operating system. It injected itself into Windows PCs by spoofing a Microsoft digital certificate, which made it look legitimate to the operating system, and it spread to target systems through the Windows Update facility. To block the spread of Flame, Microsoft has now released an auto-update facility that automatically updates the list of non-legitimate certificates on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
For more details about the auto-updater, visit Microsoft Support. Microsoft has also released a Fix It solution which “blocks the attack vector for this vulnerability”.