Malware authors have been spoofing software companies’ digital certificates for years, to gain the trust of potential victims. While this is scary, this isn’t news. What is news (and personally, it gives me the heebie-jeebies) is that the Flame malware has used this spoofing technique to try to intercept the Microsoft Update system in order to stealthily spread itself.
The first thing to keep in mind is not to panic: at this point, Flame is the only malware known to have attempted this technique. It’s not yet entirely clear that the attempt succeeded in any instance, only that Flame was built to make it. Flame was also not a widespread threat. However, it’s still a good idea to be aware of the issue and protect your computers. Better safe than sorry, right?
Other malware writers could try to employ this technique in the future. It could be a whole lot worse if malware writers with financial motivation used this technique to hit a maximum number of targets.
Details of this possible spreading mechanism are still being analyzed, so we will likely hear more about it in the coming days. What Flame was trying to do was fool the Microsoft Update system into believing that its files were trusted, so that the updater would push the malicious files to other systems.
Microsoft released an emergency update on Sunday that automatically blocks the spoofed certificates, and it has stopped the service that was used to create them. If you are a Windows user, it is important that you update your system as soon as possible.