The creators of the Flame malware have sent a “suicide” command that removes it from some infected computers.
Security firm Symantec caught the command using booby-trapped computers set up to watch Flame’s actions.
More technical details at Symantec:
Late last week, some Flamer command-and-control (C&C) servers sent an updated command to several compromised computers. This command was designed to completely remove Flamer from the compromised computer. The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers. They had retained control of their domain registration accounts, which allowed them to host these domains with a new hosting provider.
Compromised computers regularly contact their pre-configured control server to acquire additional commands. Following the request, the C&C server shipped them a file named browse32.ocx. This file can be summarized as the module responsible for removing Flamer from the compromised computer. One could also call it the “uninstaller”.
Even more at Softpedia.