Friday, June 8, 2012
The spy malware Flame used bogus Microsoft certificates to infect new computers, a prominent cybersecurity expert says. The science needed to pull off the trick probably required some of the world’s best knowledge of cryptography.
The virus, which spread across the Middle East and particularly Iran, can mask itself as legitimate patches distributed through Windows Update, reports Marc Stevens from the Centrum Wiskunde & Informatica (CWI) in Amsterdam.
It does so by presenting a fake digital certificate, which appears to have been issued by Microsoft itself and states that the malware is code originating from a trusted producer.
Obtaining such a fraudulent certificate required a so-called chosen-prefix collision attack, which targets a specific cryptographic algorithm called Message-Digest algorithm 5, or MD5. MD5 takes a piece of data and turns it into a digital fingerprint, called a hash, that is meant to be unique to that data.
The important feature of a hash is that it cannot be used to reverse-engineer the original data, so, for instance, a database of password hashes cannot be used to establish the passwords, but can be used to match a password to its hash and verify it. Hash functions are vital to online commerce, safe file distribution and other important parts of cyber infrastructure.
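Added example, not part of the original article: a toy Python illustration of why a chosen-prefix collision lets a signature issued for one piece of data also validate different data. It assumes MD5 truncated to 24 bits so that a collision is found quickly, and uses an HMAC as a stand-in for a certificate authority's signature; all names and sample values are constructed.

```python
import hashlib
import hmac

TOY_BITS = 24  # assumption: truncated MD5, so a collision takes a few thousand tries

def toy_digest(data: bytes) -> bytes:
    """First TOY_BITS bits of MD5: a deliberately weak stand-in for a broken hash."""
    return hashlib.md5(data).digest()[: TOY_BITS // 8]

def sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for a CA signature: like a real one, it covers only the digest."""
    return hmac.new(key, toy_digest(data), hashlib.sha256).digest()

def verify(key: bytes, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), sig)

def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes, table_size: int = 4096):
    """Find suffixes so prefix_a+suffix_a and prefix_b+suffix_b share a toy digest."""
    seen = {toy_digest(prefix_a + i.to_bytes(4, "big")): i for i in range(table_size)}
    for j in range(1 << 22):
        hit = seen.get(toy_digest(prefix_b + j.to_bytes(4, "big")))
        if hit is not None:
            return prefix_a + hit.to_bytes(4, "big"), prefix_b + j.to_bytes(4, "big")
    raise RuntimeError("no collision found; increase table_size")

def demo() -> dict:
    ca_key = b"constructed-demo-key"  # constructed sample value
    reviewed, unseen = chosen_prefix_collision(
        b"role=ordinary;pad=",      # constructed data the signer reviews
        b"role=code-signing;pad=",  # constructed data the signer never sees
    )
    sig = sign(ca_key, reviewed)    # the signer approves only the reviewed data
    return {
        "distinct": reviewed != unseen,
        "same_toy_digest": toy_digest(reviewed) == toy_digest(unseen),
        "unseen_verifies": verify(ca_key, unseen, sig),
        "sha256_differs": hashlib.sha256(reviewed).digest()
        != hashlib.sha256(unseen).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

The signature check passes for data the signer never saw, which is why verifiers should reject certificates signed over MD5.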
This article was posted: Friday, June 8, 2012 at 8:44 am