The creators of the Flame malware have sent a “suicide” command that removes it from some infected computers, making it difficult for experts to continue analysing the worm, security firm Symantec said.
Late last week, some Flame command-and-control (C&C) servers sent an updated command to several compromised computers, Symantec explained in a blog post. The objective of the command was to remove Flame from the compromised computer and, because the attackers were still in control of a few C&C servers, they were able to communicate with other affected computers.
According to the security company, infected computers regularly contact their pre-configured control server to acquire additional commands. After this request, the C&C server shipped them a file named browse32.ocx, “designed to completely remove Flame from the compromised computer.”
Different analyses of the virus reveal how sophisticated it is and, according to cryptographic experts, Flame is the first malicious program to use an obscure cryptographic technique known as a “prefix collision attack”. This allowed the virus to fake digital credentials, which helped it to spread.
‘Suicide’ code sent by Flame makers
by Nerea Rial