BOSTON, June 4 (Reuters) - Microsoft Corp warned PC
users that the Flame virus that attacked systems across the
Middle East infects computers by exploiting a flaw in the
Windows operating system.
The company released software to protect against infections
exploiting the previously undisclosed flaw.
Mike Reavey, a senior director with Microsoft's Security
Response Center, said in a blog post that he feared that other
hackers might be able to copy the technique to launch more
widespread attacks with other types of viruses.
"We continue to investigate this issue and will take any
appropriate actions to help protect customers," Reavey said in
the blog post.
A spokeswoman for Microsoft declined to elaborate. She would
not comment on whether other viruses had exploited the same flaw
in Windows or if the company's security team was looking for
similar bugs in the operating system.
The flaw enabled Flame to install itself on computers by
tricking Windows into believing that the malicious software was
a legitimate program from Microsoft, Reavey said in the blog,
which was published late on Sunday.
News of the Flame virus, which surfaced a week ago,
generated headlines around the world as researchers said that
technical evidence suggests it was built on behalf of the same
nation or nations that commissioned the Stuxnet worm that
attacked Iran's nuclear program in 2010.
Ryan Smith, chief research scientist with security firm
Accuvant, said the discovery of the Microsoft flaw was also
"The Windows vulnerability in and of itself is a big story,"
said Smith, whose customers include large corporations. He added
that it is possible other highly sophisticated pieces of malware
may have also exploited the same flaw and be invisible to the
users of the systems they have infected.
When customers install the software on infected computers,
such viruses would either stop working or they might become
invisible, Smith said.
Microsoft's warning is available at http://blogs.technet.com/b/msrc/
(Reporting by Jim Finkle in Boston; Editing by Gary Hill)
© 2015 Thomson/Reuters. All rights reserved.