Flame Controllers Send Suicide Codes To Symantec’s Honey Pot To Avoid Monitoring

June 11, 2012, By Sanjeev Ramachandran

Flame, the Trojan that has infected thousands of Mac machines all over the world, has been making headlines in media both offline and online.

However, a new development shows that the creators of the Trojan can also send suicide code to infected machines.

According to Symantec, the security firm that has set up booby-trapped computers to monitor the actions of the Trojan, the suicide code removes the Trojan from infected computers.

It looks like the suicide code was meant to remove the Trojan from the computers which are monitored by the company.

Symantec has set up honey pots, or machines which can be easily infected but will report the activities of the Trojan to the firm.

While monitoring the data, the firm found that the command and control computers which create and direct the actions of the Trojan sent an urgent command to the infected computers in Symantec’s honey pot early last week.

Symantec later found that the code was suicidal in nature, since it completely removed the Trojan from the system that was part of the honey trap.

The code was written so that it located all the Flame files and removed them, later overwriting their memory locations to leave no traces for forensic investigators to find.

Meanwhile, ongoing analysis of Flame has revealed that it is the first of its kind to use a sophisticated cryptographic technique known as a prefix collision attack, which helped it obtain digital credentials to spread.

The sophistication again points to the possibility that a nation state is behind it, making the infection a possible case of cyber warfare.
