Under Attack?
Search
Menu

Radware ERT helps fight Flame at the Enterprise Level

By Ziv GadotJune 8, 2012

Security specialists describe the malware Flame, also known as Flamer, as the most advanced computer virus ever found and a new level of sophistication in cyber warfare. Flame is able to extract large volumes of information from its victim and send the information back to its operators. The information that Flamer extracts includes key strokes, directory structure, files and documents, activation of audio recording by demand, scan for neighboring Bluetooth devices and much more.

The method used by Flame operators for initial infection of a victim computer is still unclear, and the assumptions of security specialists vary from network intrusion to physical infection of a computer through USB key. While security companies are still researching methods to block Flame’s initial infection, Radware ERT has generated a signature that blocks Flame spreading attempts within the victim’s organization. It was discovered that Flame is able to spread across a victim’s organization through a sophisticated ‘Man in the Middle attack’ on the Windows Update service. As soon as Flame tries to spread from one infected computer to another, Radware’s Attack Mitigation System identifies the spreading attempt and blocks it. In addition, an immediate alert is sent to the security operation center in the organization, so they become aware that Flame exists in their network.

Organizations deploying Radware’s Attack Mitigation System significantly reduce the risk of data extraction by Flame and are notified of its existence as soon as it tries to spread in the organization. In addition there is evidence that Flame may be also be using Microsoft LNK Exploit MS10-046. Radware signatures already protect against its network manifestation of this vulnerability.

ERT Recommendations

Install the latest signature file from Radware on the DefensePro devices to block Flame spreading attempts. In addition, customers are advised to use host-based protection such as AntiVirus to remove Flame from infected computers, and detect or prevent its host-based activities.

Radware’s customers are encouraged to contact our support team and to receive immediate assistance from our ERT team. Non-Radware customers can contact our ERT through a Radware representative.

Posted in: Application Security Attack Mitigation SecurityTags:

Ziv Gadot

Ziv Gadot is Senior Security Researcher for Radware and manages Radware’s Security Operations Center (SOC) , a unit performing analysis and research on DDoS related subjects and the Emergency Response Team (ERT), a 24/7 service intended to assist organizations under DDoS attacks on a daily basis. Mr. Gadot joined Radware in 2003 and is actively involved in security research and service strategy.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?