Flame disguised itself as Microsoft Update to attack PCs, company reveals

The so-called "Flame" computer virus, the latest to cause problems for Iran's computer networks, appears to have attacked some Windows-based PCs, Microsoft revealed, while reassuring its users that most had little to worry about.

"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft," the company said in its security blog.

The company responded to the discovery by advising customers how to block such malware, releasing a security update to fight it and updating its licensing service to reduce the risk of similar cybertattacks in the future.


Iran's military revealed last week that the country's key oil industry was briefly affected by the powerful Flame virus, which has unprecedented data-snatching capabilities and can eavesdrop on computer users.

More On This...

The full extent of the disruptions isn't clear, but Iran was forced to cut Internet links to the country's main oil export terminal, presumably to try to contain the virus.

It would be the latest high-profile virus to penetrate Iran's computer defenses in the past two years, boosting speculation that Israeli programmers could have struck again. Experts see technological links between Flame and the highly focused Stuxnet virus, which was tailored to disrupt Iran's nuclear centrifuges in 2010. Many suspect Stuxnet was the work of Israeli intelligence.

Reuters reports that security experts were surprised by the way the attackers behind Flame were able to disguise it as a Microsoft-built program.

"I woke up to this news and I couldn't believe it," Roel Schouwenberg of Russia's Kaspersky Lab, told Reuters.

And some suggest the same method was used to deliver viruses that have yet to be identified.

Experts also warn of collateral damage against the U.S. and Israel if the techniques are picked up by unfriendly adversaries. A future attack like it is inevitable, former White House counter-terrorism adviser Richard Clarke told ABC News.

"This may be an example of how U.S. and Israeli cyber war has the blowback effect that threatens the security of American networks," Clark said.

The Associated Press contributed to this report.