What is the Flame virus and how to fight it?

A new virus called Flame was discovered by the company "Kaspersky Lab". According to its representatives, this software is the most dangerous and complex of all that exists today.

The Flame Flame was sent to avoid Iran's nuclear program, but terrorists could use it. This software is able to disable the on-board systems of the Boeing 787.

For today it is known that the most secure program is Kaspersky: the virus of the configuration in question can not destroy the protection system created by this antivirus. However, Microsoft specialists have already created a special patch for the Windows operating system. It is able to rid the computer of one of the most dangerous viruses - Flame.

This application is able to eliminate the certificates with which the Flame virus gets on the device with the newly installed Windows.
Microsoft experts do not know how cybercriminals got access to company certificates and how they managed to integrate malware into Windows.
We can not exclude the fact that Microsoft certificates have fallen into the hands of other scammers thanks to the creators of Flame. This, of course, can lead to additional problems.

The new patch has more options to prevent the spread of Flame, than to heal already infected computers. Malicious software worked with a special certificate that was stolen. Now the system is not capable of recognizing the certificate, and the virus does not install on the computer.

Based on the findings of the antivirus company Symantec, the Flame virus uses Bluetooth technology to monitor and intercept information from other devices. In a press release Symantec explains that the functionality that uses Bluetooth technology is implemented in a separate module BeetleJuice. It runs according to the values of the configuration parameters that are set by the attackers.

Search for all available Bluetooth devices is performed at startup. After the device is detected, its status is requested and parameters are recorded. Next, a Bluetooth beacon is configured. This means that when the Bluetooth is on, the infected computer is always visible by the virus .
W32.Flamer encodes information about the computer that is being corrupted, and then stores it in a special "description" field. If the environment is scanned by any other Bluetooth-enabled device, then a specific field is displayed, while completely giving itself away.

Symantec identified three scenarios for which the Flame virus uses Bluetooth:
1. In the reach zone of the infected computer, continuous monitoring of Bluetooth devices. As a result, it is very easy for an attacker to get a list of various detected devices. In most cases - these will be mobile phones that are familiar to the victim. Thus, it is possible to trace the circle of communication of the victim.
2. Track the victim's location. Using a mobile phone that is already known to the "attacker", passive monitoring is conducted and the victim's location is tracked.
3. Wider collection of information. With apps you can:

• enter the address book, which is in someone else's phone;
• read SMS messages;
• eavesdrop on the headset using a Bluetooth device;
• Stolen data can be transmitted through the communication channels of other devices.

All this allows you to bypass firewalls and network monitoring tools. That's why it is advantageous for an attacker to use his own Bluetooth-device, which is a mile from the source.

Be vigilant that the Flame virus does not get into your mobile phone or computer.