Entries in Virus (3)


'Flame' Compromises Key Microsoft Security System

iStockphoto/Thinkstock(NEW YORK) -- The cyber espionage super bug Flame compromised a key Microsoft security system, the company has now revealed, prompting Microsoft to issue an emergency patch to its millions of customers because of fears of what one expert called potential "collateral damage" from the U.S. and Israel's cyber war against Iran.

In an alert issued late Sunday, Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs. Digital certificates are in part designed to authenticate interactions online and help protect computer networks from being accessed by unauthorized users.

Microsoft fixed the security breach, but was also forced to add the compromised certificates to its own growing list of "untrusted" certificates.

Microsoft said that since Flame was such a precisely targeted attack, a vast majority of customer systems that use digital certificates -- which includes U.S. government and financial institutions -- were not in danger of being infected, but said it had to take action because the same technique could be used by other "less sophisticated attackers to launch more widespread attacks."

While no country or group has taken responsibility for Flame, cyber security experts who have analyzed the code said it appears to be the latest volley in an advanced cyber campaign targeting Iran and was most likely developed by a wealthy nation-state -- leading many to suspect the involvement of the U.S. or Israeli governments. Five different U.S. government agencies declined to comment to ABC News about those allegations and the Israeli government has reportedly denied any link to the virus.

Former White House counter-terrorism advisor and ABC News consultant Richard Clarke said that the possible future attack that Microsoft warned about is the inevitable collateral damage seeping out from the Iran campaign.

"This may be an example of how U.S. and Israeli cyber war has the blowback effect that threatens the security of American networks," said Clarke, author of Cyber War.

Clarke initially raised concerns about the hidden risks of cyber war in early 2010 after researchers discovered Stuxnet, an unprecedented offensive cyber weapon that is believed to have physically damaged an Iranian nuclear facility. Stuxnet's complexity stunned and concerned experts including Michael Assante, President of the National Board of Information Security Examiners of the U.S., who told a Congressional committee in 2010 that after it was revealed, Stuxnet could serve as a "blue print" for other groups hoping to replicate part or all of that weapon.

A Congressional report compiled in 2010 warned, "It is widely believed that terrorist organizations do not currently posses the capability or have [not] made the necessary arrangements with technically savvy organizations to develop a Stuxnet-type worm. However... Stuxnet's design revelations may make it easier for terrorist organizations to develop such capabilities in the future."

Last week The New York Times reported that Stuxnet was a product of America's long-term cyber campaign against Iran and President Obama was personally concerned about the damage Stuxnet could do after it accidentally seeped online and started replicating around the world.

Researchers at the Russia-based cyber security firm Kaspersky Labs who were among the first to analyze Flame said similarities to Stuxnet in technique and targeting have led them to believe that the two were developed by the same entity as parallel projects.

The same day Microsoft revealed their security breach, the Israeli military made an unusual public announcement, saying they have "been engaged in cyber activity consistently and relentlessly, gathering intelligence and defending its own cyber space."

"Additionally if necessary the cyber space will be used to execute attacks and intelligence operations," Sunday's announcement said.

Representatives at Microsoft declined to comment for this report.

Copyright 2012 ABC News Radio


Facebook Beefs Up Security With New Anti-Virus Marketplace

Justin Sullivan/Getty Images(LOS ANGELES) -- Facebook has partnered with anti-virus software companies, including Microsoft, McAfee, TrendMicro, Sophos and Symantec, and is announcing Wednesday two major security steps.

Facebook will now incorporate the malicious URL databases from these security software companies into its URL blacklist systems. That means that whenever any of the 845 million people who use Facebook click a link they will be protected by this back-end system, and hopefully blocked from going to a malicious or unsafe site.

“We are excited to be partnering with leaders in the anti-virus industry to better protect our users both on and off of Facebook,” Facebook’s Chief Security Officer, Joe Sullivan, told ABC News. “Starting today, we will be incorporating the combined intelligence of these vendors to Facebook’s existing database of malicious URLs, and offering a wide selection of anti-virus software to our users.”

That part about offering anti-virus software is the second major security move Facebook is making. Facebook is rolling out a new AV (Anti-Virus) Marketplace for Facebook users. Any Facebook user will now be able to download free anti-virus software from Microsoft, McAfee, TrendMicro, Sophos, or Symantec at Facebook had an existing program like this with McAfee, but Facebook is putting more emphasis now on these offerings with a dedicated page.

Facebook and its software partners will provide six months of protection.  While these programs help with more than URL protection and Facebook activity, Facebook maintains that this will help protect users on and off the website. The AV Marketplace is now up and running on

Copyright 2012 ABC News Radio


Mac OS X Report: Virus Infects 600,000 Computers

Courtesy of Apple(NEW YORK) -- More than 600,000 Apple computers worldwide have been infected with the Flashback Trojan, leaving their system’s security vulnerable to criminal hackers, Russian anti-virus firm Dr. Web reported.

Over half of the infected computers are in the United States, and nearly 20 percent are in Canada.

“This once again refutes claims by some experts that there are no cyber-threats to Mac OS X,” the report stated.

The trojan began quietly circulating in September under the guise of an Adobe Flash Update.  Once installed, the virus disables some security features allowing hackers to gain control of the computer.

Later versions of the malware used weaknesses in the Java language to install the code and infect the machine.

Apple released a security patch for users to download and protect their Macs this week; users who have not yet installed the patch remain exposed.

“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected -- but it’s a myth,”  Timur Tsoriev, an analyst at Kaspersky Lab in Russia, told the BBC.

Copyright 2012 ABC News Radio

ABC News Radio