The Flame virus uses a MD5 collision attack to generate a rogue Microsoft digital code-signing certificate. With the certificate in hand, the virus passes the malware to Windows computers as an update from Microsoft. It is recommended that certificate authorities stop signing digital certificates using MD5 as a cryptographic hash function. The US-CERT has discontinued the use of MD5 and now requires the SHA-2 family of hash functions. Electrosoft typically recommends the use of certificate authorities with SHA-256 and RSA 2048 cryptographic capabilities to sign digital certificates.
More information regarding Flame Virus exploits please follow the link: https://metro.co.uk/2012/06/25/flame-virus-how-malware-became-the-new-weapon-of-war-479598/
For more information about our expert consulting services in the area of cryptography and PKI, please Contact Us.
- Amila Ranasinghe