Elite Computers
REGISTER Other People All Forums Active Topics Contact Staff Enter a PC Buy a PC Forum Search Forum Help Main Forum menuNoLogin Image Map
Username:
Password:
Save Password
Forgot your Password?

Who's here at 4:42:08 AM on 11/21/2017?
 All Forums
 Computer Forums
 Computer Specific Topics
 Flame virus used world-class cryptographic attack
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

BigDOGGe
Administrator
MY PC

USA
566 Posts

Posted - 06/08/2012 :  9:50:01 PM  Show Profile  Reply with Quote
Flame virus used world-class cryptographic attack


Jacob Aron

.


The recently discovered computer worm Flame that attacked Iranian networks could have been created only by "world-class" cryptographers, say experts in the field who have discovered that the malware uses a previously unseen cryptographic attack.


Flame installs itself on a target computer by hijacking the Windows Update system. Normal updates are signed with a digital certificate that verifies their origin, but Flame's creators were able to fake their own certificate.


Such certificates are signed by a hash algorithm that converts any digital data into a short sequence of characters. It isn't possible to recover the original data from this sequence, but it can be used to verify it, allowing the hash sequence to act as a virtual "signature". Crucially, it should be very difficult to discover two pieces of data that convert to the same hash sequence - otherwise someone can perform a "collision attack", generating a spoof hash sequence without knowing the original data.

That's exactly what Flame's authors have done, though it isn't the first time the feat has been achieved. In 2008 cryptographer Mark Stevens and colleagues showed that the oft-used MD5 hash algorithm is vulnerable to collision attacks - a feat that required 200 PlayStation 3 consoles to crunch through the numbers to find a match.


Now Stevens and others have analysed Flame's code and discovered it uses a previously unseen variant of the attack, probably developed before his research was published, allowing the attackers to calculate the exact hash sequence used by Microsoft's update system.

"The results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant," says Stevens. "This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis."


Whoever designed Flame, they are now trying to cover their tracks. Antivirus firm Symantec says that computers infected with Flame have received a "suicide" update module designed to completely remove the worm. It appears that this module was created on 9 May, just a few weeks before the malware became publicly known.



.

KC
Head Honcho
MY PC

USA
3052 Posts

Posted - 06/14/2012 :  5:47:14 PM  Show Profile  Reply with Quote
Fascinating.
That'll sure piss of MS and cost them some money.

KC's Kruisers - It's all how you look at things
Go to Top of Page

BigDOGGe
Administrator
MY PC

USA
566 Posts

Posted - 06/14/2012 :  7:03:38 PM  Show Profile  Reply with Quote
Current articles now say the USA and Israel were responsible, and offered a few believable tie-ins.

Who else did they expect?

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Elite Computers Go To Top Of Page
Snitz Forums 2000