7 Replies Latest reply: Nov 8, 2013 8:49 AM by Philip Niegos RSS

Flame malware

Devin Patel



Is there a QID to detect recently discovered Flame malware? if not, will there be one?



  • Flame malware
    Robert Dell'Immagine

    Moved to VM area for better visibility.

  • Flame malware
    Tim Pettigrew

    I opened a ticket the other day to ask the same question.  The reply I received said "Qualys is staying clear of worms or other malware detections in Vuylnerability Management as a product decision."




  • Flame malware
    Craig Kagawa

    Hi Devin,


    The Flame malware appears to be leveraging two older Microsoft vulnerabilities that were patched back in 2010. 

    (Microsoft Security Bulletin’s MS10-046 and MS10-061). You can verify with QualysGuard that you do not have these unpatched vulnerabilities which Flame has been known to use.


    QID 90616 "Microsoft Windows Shell Remote Code Execution Vulnerability (MS10-046 and KB2286198)"

    QID 90636 "Microsoft Windows Print Spooler Remote Code Execution Vulnerability (MS10-061)"


    The following QIDs can also be helpful too.

    QID 105294 "Antivirus Product Not Detected on the Windows Host"

    QID 105336 "Firewall Product Not Detected on Windows Host"


    To help assist to detect the Flame malware, please ensure your QualysGuard scanner is at Vulnerability Signatures version: 2.2.139-2 or higher and use QID 1244 "Win32.Flame Detected".


    If you need further assistance please don't hesitate to contact Support.



    • Flame malware
      Robert Dell'Immagine

      Regarding these two QIDs:

      QID 105294 "Antivirus Product Not Detected on the Windows Host"

      QID 105327 "Antivirus Product Detected on the Windows Host"


      They both currently detect these AV products:

      AVG Antivirus

      CA eTrust Antivirus

      F-Secure Antivirus

      Kaspersky Antivirus

      McAfee Antivirus

      Network Associates Antivirus

      Sophos Antivirus Scanner

      Symantec Norton Antivirus Corporate Edition

      Symantec Norton Antivirus Personal Edition

      Symantec Endpoint Protection

      TrendMicro Antivirus

      ESET Antivirus Scanner

      Microsoft Windows Defender

      Clam Antivirus


      Checks for additional AV products can be added if customers request them.

      • Flame malware
        Philip Niegos

        One Additional Note:


        The QualysGuard Vulnerability Management Application does contain detections for many different types of malware.


        To find there associated QIDs, simply use the KnowledgeBase Search tool, and select the Category drop-down option called "Backdoors and Trojan Horses".


        Additionally, the QualysGuard Malware Detections Service (MDS) is now a standard component in QualysGuard WAS v3 and greater.  MDS use both signature-based and advanced "behavioral" detection techniques to identify malware on EXTERNAL facing Web Applications and Web sites.

  • Flame malware
    Philip Niegos



    QID 1244 - Win32.Flame Detected