View Full Version : Kaspersky offers guidance on Flame

May 30th, 2012, 21:13
Researchers at Kaspersky have issued further guidance to anyone who thinks their PC might be infected with the Flame virus.
According to a blog post (http://www.securelist.com/en/blog/208193538/Flame_Bunny_Frog_Munch_and_BeetleJuice#.T8VAY_pw_z U.twitter) made by the head of Kaspersky’s Global Research and Analysis Team, Alexander Gostev, the main warning sign of a present or past infection is the presence of a file called ~DEB93D.tmp.
Furthermore, if the registry contains files called mssecmgr.ocx or authpack.ocx then the system is currently infected.
The virus is able to download additional software components, likened to apps, to expand its capabilities and it is thought to be derived from or inspired by a piece of software called Flexible Lightweight Active Measurement Environment.
“The FLAME software is used to measure network characteristics by deploying measurement agents and collecting data in a central database. Despite some similarities, we think that this software is unrelated as it serves different objectives,” wrote Gostev.