Feeds

Flame gets suicide command

Symantec honeypot spots ‘flame-out’

Intelligent flash storage arrays

The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command.

According to Symantec, some command-and-control machines have sent a command designed to wipe Flame from compromised computers.

The command, which Symantec has dubbed “urgent suicide”, was captured on honeypots (since an ordinary machine would have the malware removed without the user noticing).

The C&C server shipped a file called browse32.ocx, which acts as a Flame uninstaller, complete with a list of files and folders to be deleted. After deletion, the module overwrites the disk with random characters. As Symantec notes, the uninstaller “tries to leave no traces of the infection behind”, in an attempt to thwart anyone capturing and analyzing the malware.

The module is instructed to remove more than 160 files and four folders. Symantec says Flame had originally shipped with a suicide module, and they don’t know why a new suicide module was used.

“The version of this module that we have was created on May 9, 2012,” Symantec’s post notes, which was “just a few weeks” before the malware became known. ®

Security for virtualized datacentres

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.