(945047)

What's next? Getting a computer to kill it's user?

Posted by Chris R16/R2730 on Mon May 28 19:54:37 2012

http://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame-worlds-most-complex-computer-virus-exposed.html

Damn malware, you scary.

(945049)

Re: What's next? Getting a computer to kill it's user?

Posted by dand124 on Mon May 28 19:58:15 2012, in response to What's next? Getting a computer to kill it's user?, posted by Chris R16/R2730 on Mon May 28 19:54:37 2012.

Kill Flanders!

(945051)

Re: What's next? Getting a computer to kill it's user?

Posted by SelkirkTMO on Mon May 28 20:08:40 2012, in response to What's next? Getting a computer to kill it's user?, posted by Chris R16/R2730 on Mon May 28 19:54:37 2012.

Missing from the story is that Israel is just as infected as Iran. Them, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. Current theory is that it originated in Austria or China based on the code and those of us who have seen the code are even skeptical that it was a government that created it. Best part? It's been in circulation since December, 2010 or earlier! Completely undetected until now. Gotta love OSes that depend on AVs. :)

Here's a screenie from Eugene's folks explaining how they named it:



(945158)

Re: What's next? Getting a computer to kill it's user?

Posted by 3-9 on Tue May 29 14:23:27 2012, in response to What's next? Getting a computer to kill it's user?, posted by Chris R16/R2730 on Mon May 28 19:54:37 2012.

At 20 MB, guess that won't fit on the boot sector of a floppy disk!

(945160)

Re: What's next? Getting a computer to kill it's user?

Posted by 3-9 on Tue May 29 14:28:46 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by SelkirkTMO on Mon May 28 20:08:40 2012.

Hmm, could a case be made that the infections in Israel are feints/accidents? Also, depends on who was infected with the virus in all the various countries...

(945164)

Re: What's next? Getting a computer to kill it's user?

Posted by Chris R16/R2730 on Tue May 29 14:39:47 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by 3-9 on Tue May 29 14:28:46 2012.

Israel has never been a nation that relies on such subterfuge against its enemies, unless this was specifically designed to assist a planned military action. Sounds a lot more like Russian hackers who do this sort of thing for the highest bidders. A Russian hacker would probably have an easier time infecting an Iranian computer network.

(945169)

Re: What's next? Getting a computer to kill it's user?

Posted by 3-9 on Tue May 29 14:49:21 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by Chris R16/R2730 on Tue May 29 14:39:47 2012.

Times are a-changing, there's nothing that says that Israel can't learn new tricks. In fact, I would be extremely disappointed if they DIDN'T have some kind of cyber-espionage program.

(945196)

Re: What's next? Getting a computer to kill it's user?

Posted by orange blossom special on Tue May 29 19:06:42 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by 3-9 on Tue May 29 14:49:21 2012.

It doesn't matter, Israel will be blamed for it for eternity.

Kinda like that demokkkrat nutbag that was screaming USS Liberty at McCain this week.

(945200)

Re: What's next? Getting a computer to kill it's user?

Posted by SelkirkTMO on Tue May 29 19:27:47 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by 3-9 on Tue May 29 14:28:46 2012.

Well ... here's the infection stats map out of Kaspersky Labs ...



Been covering this since yesterday for Infosecisland.com, and we're learning now that this virus has been around since the summer of 2007. Shame on the antivirus companies for missing this one, now that I've seen the code, it was pretty bloody obvious that this was malware and signs of it were QUITE visible with even the most rudimentary scan of a system. It's an ACTIVEX control!

I mean really ... is there anyone anywhere who still ALLOWS ActiveX to just run without so much as a warning box popping up?

The code itself is highly UNsophisticated, it's written largely in Visual BASIC. Only thing "special" about it is that it was wrapped in an encrypted, compressed package. But it leaves obvious signs of network activity, and lives in the TMP folder. Its biggest secret to being undetected is that OCX files aren't normally scanned by antiviruses.

When I wrote our BOClean product years ago, a very simple means was provided in my code to determine whether a file was an executable or not regardless of its name or file extension. EVERY file, no matter what its "type", has to have three magic characters at the very beginning of a file. If it starts with MZ, then it's an executable and should be scanned.

And folks wonder why we wrote our own operating system where none of this can happen. :)
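
The content-based check described in the post above, as an added example that is not part of the original post or of BOClean: it reads the first bytes of every file instead of trusting the extension, and goes one step beyond the post by also following the DOS header's e_lfanew field to the PE signature. The function names and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

def classify(path):
    """Return 'pe', 'mz' or 'other' from file content, ignoring the name."""
    with open(path, "rb") as f:
        head = f.read(64)                  # a full DOS header is 64 bytes
        if head[:2] != b"MZ":
            return "other"
        if len(head) < 64:
            return "mz"                    # MZ magic only, no room for e_lfanew
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)                   # offset of the PE header
        return "pe" if f.read(4) == b"PE\0\0" else "mz"

def files_to_scan(root):
    """Walk root and list every file whose content starts with MZ."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            try:
                kind = classify(os.path.join(dirpath, name))
            except OSError:
                continue                   # unreadable file: skip, do not crash
            if kind != "other":
                hits.append((name, kind))
    return sorted(hits)

def build_samples(root):
    """Write constructed sample files (names and contents are made up)."""
    pe = bytearray(64)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 64)   # e_lfanew points just past the header
    pe += b"PE\0\0"
    samples = {
        "control.ocx": bytes(pe),          # executable content, OCX name
        "holiday.jpg": bytes(pe),          # executable content, image name
        "notes.txt": b"MZ is how this text happens to start",
        "readme.exe": b"plain text with an .exe name",
        "empty.tmp": b"",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_samples(d)
        for name, kind in files_to_scan(d):
            print(f"{kind:5} {name}")
```

The `mz` result for `notes.txt` shows why the two-byte test alone is only a trigger for scanning and not proof of a valid executable.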

(945203)

Re: What's next? Getting a computer to kill it's user?

Posted by SelkirkTMO on Tue May 29 19:37:14 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by Chris R16/R2730 on Tue May 29 14:39:47 2012.

Whoever was behind this was a "for hire" and not a professional. In the code, there's functions called "gator" and "frog" which is certainly not what would be chosen by paid professionals. This smells more like "anonymous" than Mossad. I've been playing with the code and turns out that our old BOClean product detects it. :-\

(945205)

Re: What's next? Getting a computer to kill its user?

Posted by Olog-hai on Tue May 29 19:43:03 2012, in response to What's next? Getting a computer to kill it's user?, posted by Chris R16/R2730 on Mon May 28 19:54:37 2012.

If that were possible, we wouldn't have to worry about terrorists or the Iranian government; we could slay them at their workstations.

(945335)

Re: What's next? Getting a computer to kill it's user?

Posted by 3-9 on Wed May 30 08:03:41 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by SelkirkTMO on Tue May 29 19:27:47 2012.

Visual Basic?!? I was wondering why the code sample was so readable, and I was thinking, "Naw, that can't be Visual Basic, could it?" :-/

That explains the 20 MB file size, anyway. :-)


(945338)

Re: What's next? Getting a computer to kill it's user?

Posted by 3-9 on Wed May 30 08:07:47 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by SelkirkTMO on Tue May 29 19:37:14 2012.

I've been playing with the code and turns out that our old BOClean product detects it. :-\

That just sucks so bad :-(.

Does Hitman Pro or any of the others pick it up?

(945344)

Re: What's next? Getting a computer to kill it's user?

Posted by Stephen Bauman on Wed May 30 09:26:43 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by 3-9 on Wed May 30 08:03:41 2012.

The text file containing high level language source is usually a lot smaller than that source's compiled code. That's one reason interpreters were invented: they saved memory space when that was an important concern. It's the run time libraries that usually cause the memory bloat for both interpreted and compiled languages.

(945495)

Re: What's next? Getting a computer to kill it's user?

Posted by SelkirkTMO on Wed May 30 17:56:12 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by Stephen Bauman on Wed May 30 09:26:43 2012.

Been analyzing the code in that. It's frog in a blender. Good amount is written in LUA, some in VB, some in C#, some in "dotNOT" and more written in ... lol ... Pascal. Definitely amateur hour on steroids here but it works as a package.

And LOL at the antiviruses ... the actual infector was covered by our BOClean product back in February of 2007 when it first appeared. It got over because ... (drum roll) ... they don't consider "ActiveX" (OCX files) as a threat. Hahahahaha ...

(945550)

Re: What's next? Getting a computer to kill it's user?

Posted by FYBklyn1959 on Wed May 30 21:54:47 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by SelkirkTMO on Wed May 30 17:56:12 2012.

Pascal, LOL Haven't used that since I graduated from college...in 1981 :)



PROGRAM Count;
VAR I: INTEGER;
BEGIN
  FOR I := 1 TO 100 DO
    WRITELN(I)  { print each number on its own line }
END.

(real simple code, that's all I remember after all this time LOL)


(945554)

Re: What's next? Getting a computer to kill it's user?

Posted by SelkirkTMO on Wed May 30 22:00:41 2012, in response to Re: What's next? Getting a computer to kill it's user?, posted by FYBklyn1959 on Wed May 30 21:54:47 2012.

Heh. Pascal was created by teachers as a pseudo coding language solely to teach the concept ... but one day, Borland came out with an actual Pascal compiler which they sold to coders. It was silly, rigid, and too easy to use.

Fast forward a few years to Borland's demise and it was resurrected as the most awful turd ever conceived ... "Delphi" which is still in use. So powerful is it with its constrained libraries that it quickly became the choice of malware authors everywhere ... Aunt Tilly could write a password stealer and keylogger with only fourteen lines of code. :)

