{"id":4498,"date":"2012-06-05T17:17:34","date_gmt":"2012-06-05T22:17:34","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=4498"},"modified":"2012-10-17T14:08:29","modified_gmt":"2012-10-17T19:08:29","slug":"flame-malware-hijacks-windows-update-mechanism","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=4498","title":{"rendered":"Flame Malware Hijacks Windows Update Mechanism"},"content":{"rendered":"<blockquote><p>According to Symantec&#8217;s Security Response team, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing.<\/p>\n<p>&#8220;When clients attempt to resolve a computer name on the network, and in particular make <strong>WPAD (Web Proxy Auto-Discovery Protocol)<\/strong> requests, <strong>Flamer will claim it is the WPAD server and provide a rogue WPAD configuration file (wpad.dat)<\/strong>,&#8221; Symantec noted. &#8220;NetBIOS WPAD hijacking is a well-known technique and many publicly available hack tools have implemented the technique.&#8221;<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/www.securityweek.com\/flame-malware-hijacks-windows-update-mechanism\">Flame Malware Hijacks Windows Update Mechanism | SecurityWeek.Com<\/a>.<\/p>\n<p>This is why automatic Windows updates should always be off.\u00a0 Only update manually when you know your network is secure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to Symantec&#8217;s Security Response team, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. &#8220;When clients attempt &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=4498\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[347,335,323,86],"class_list":["post-4498","post","type-post","status-publish","format-standard","hentry","category-operating-systems","tag-malware","tag-netbios","tag-protocols","tag-windows"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/4498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4498"}],"version-history":[{"count":3,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/4498\/revisions"}],"predecessor-version":[{"id":7597,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/4498\/revisions\/7597"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4498"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}