The full mechanism isn’t yet completely analyzed, but Flame has a module which appears to attempt to do a man-in-the-middle attack on the Microsoft Update or Windows Server Update Services (WSUS) system. If successful, the attack drops a file called WUSETUPV.EXE to the target computer. This file is signed by Microsoft with a certificate that is chained up to the Microsoft root. Except it isn’t really signed by Microsoft.
— Microsoft Update and The Nightmare Scenario, F-Secure Weblog
This is really the worst possible scenario for malware: the successful hijacking of a mechanism that can silently install it on nearly a billion computers and make it look completely legitimate. It’s poison in the drinking water.
It’s also a horrifying mistake by Microsoft to allow their certificate hierarchy to be compromised. The world may be lucky that this technique was unleashed for the purposes of espionage, since the amount of damage it could have caused is virtually unlimited.