

Analysis of the MD5 collision attack used by the Flame malware - alter8
https://speakerdeck.com/u/asotirov/p/analyzing-the-md5-collision-in-flame

======
dhx
TLDR: X.509 certificate collision attack where the uptime of the signing
server appears to have been guessed successfully to an accuracy of 1
millisecond (!)

Some further technical details:

Dump of the full certificate chain:
[http://blog.didierstevens.com/2012/06/06/flame-
authenticode-...](http://blog.didierstevens.com/2012/06/06/flame-authenticode-
dumps-kb2718704/)

Technical analysis and information about the certificate from Microsoft
(MSRC): [https://blogs.technet.com/b/srd/archive/2012/06/06/more-
info...](https://blogs.technet.com/b/srd/archive/2012/06/06/more-information-
about-the-digital-certificates-used-to-sign-the-flame-malware.aspx)

Discussion on the cryptography@randombit.net mailing list: [http://www.mail-
archive.com/cryptography@randombit.net/msg02...](http://www.mail-
archive.com/cryptography@randombit.net/msg02916.html)

~~~
spydum
to be fair they would have had to generate certs to push the serial # up to
the collided cert anyways, so they could use those generated certs and
observed network latency to know exactly the uptime.. still very impressively
executed..

