Thursday June 07, 2012

Flame Lights Its Own Self-Destruct Fuse

It would seem the Flame virus had a self-destruct mode. Wow, virus authors are now coding in self-destruct sequences to cover their tracks? Eek!

From here, infected machines received a new module from the remaining command and control servers — browse32.ocx — which has the purpose of covering Flame's tracks. It not only has a hit-list of all Flame-related files and folders to delete, but it subsequently rewrites random characters on the disk to ensure that the old data can't be retrieved.