Computerworld India News | Flame Authors Remove All Traces of the Malware From Infected Computers | Computerworld.in

Flame Authors Remove All Traces of the Malware From Infected Computers

Lucian Constantin June 8, 2012
Flame self-destruct module overwrites file data to prevent forensic analysis

The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis, security researchers from Symantec said on Wednesday.

Flame has a built-in feature called SUICIDE that can be used to uninstall the malware from infected computers. However, late last week, Flame's creators decided to distribute a different self-removal module to infected computers that connected to servers still under their control, Symantec's security response team said in a blog post.

The module is called browse32.ocx and its most recent version was created on May 9, 2012. "It is unknown why the malware authors decided not to use the SUICIDE functionality, and instead make Flamer perform explicit actions based on a new module," the Symantec researchers said.

However, even though it is similar in functionality to the SUICIDE feature -- both being able to delete a large number of files associated with the malware -- the new module goes a step further.

"It locates every [Flame] file on disk, removes it, and subsequently overwrites the disk with random characters to prevent anyone from obtaining information about the infection," the Symantec researchers said. "This component contains a routine to generate random characters to use in the overwriting operation. It tries to leave no traces of the infection behind."
