The Flame espionage malware that infected Iranian computers has initiated a self-destruct command that removes all traces of itself on infected machines that receive the instruction, researchers said.
The 20-megabyte piece of malware already had a self-destruct module known as SUICIDE that removed all files and folders associated with Flame, but the purging command observed by Symantec researchers instead relied on a file called browse23.ocx that did much the same thing. The removal tool, which researchers from Kaspersky Lab briefly documented last month, was downloaded from a command and control server still under the control of Flame attackers to several machines in a honeypot. White hats monitored the activities of the sophisticated malware, which is also known as Flamer and sKyWIper.
“This command was designed to completely remove Flamer,” Symantec researchers wrote in a blog post. “The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers.”