I actually read the Telegraph, and I'm pretty sure that the article I read said that it was 20 gigabytes. And I thought, hmmmm. And I thought of Whale, which at 9kb was the biggest (and most ineffective) virus as of 25-odd years ago. Ineffective, because the first thing that happened when you tried to run Whale, was the computer crashed after a few seconds.
The conclusion that you should draw from this article, is that the writer was completely devoid of clue, and you shouldn't get information about viruses from articles in the Daily Telegraph A generalisation that you can make, is that you can't get information on any subject from articles in the media. On Wed, 30 May 2012, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote: > I have been reading about the new Flame (aka Flamer, aka sKyWIper) > "supervirus." > > [AAaaaarrrrrrggggghhhh!!!!!!!! Sorry. I will try and keep the screaming, in > my > "outside voice," to a minimum.] > > >From http://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame- > worlds-most-complex-computer-virus-exposed.html > > This "virus" [1] is "20 times more powerful" than any other! [Why? Because > it > has 20 times more code? Because it is running on 20 times more computers? > (It > isn't. If you aren't a sysadmin in the Middle East you basically don't have > to > worry.) Because the computers it is running on are 20 times more powerful? > This > claim is pointless and ridiculous.] > > [I had it right the first time. The file that is being examined is 20 > megabytes. > Sorry, I'm from the old days. Anybody who needs 20 megs to build a piece of > malware isn't a genius. Tight code is *much* more impressive. This is just > sloppy.] > > It "could only have been created by a state." [What have you got against > those of > us who live in provinces?] > > "Flame can gather data files, remotely change settings on computers, turn on > computer microphones to record conversations, take screen shots and copy > instant messaging chats." [So? We had RATs that could do that at least a > decade > ago.] > > "... a Russian security firm that specialises in targeting malicious computer > code ... > made the 20 megabyte virus available to other researchers yesterday claiming > it > did not fully understand its scope and said its code was 100 times the size > of the > most malicious software." [I rather doubt they made the claim that they > didn't > understand it. It would take time to plow through 20 megs of code, so it > makes > sense to send it around the AV community. But I still say these "size of > code" and > "most malicious" statements are useless, to say the least.] > > It was "released five years ago and had infected machines in Iran, Israel, > Sudan, > Syria, Lebanon, Saudi Arabia and Egypt." [Five years? Good grief! This > thing is a > pretty wimpy virus! (Or self-limiting in some way.) Even in the days of > BSIs and > sneakernet you could spread something around the world in half a year at > most.] > > "If Flame went on undiscovered for five years, the only logical conclusion is > that > there are other operations ongoing that we don't know about." [Yeah. Like > "not > reproducing."] > > "The file, which infects Microsoft Windows computers, has five encryption > algorithms," [Gosh! The best we could do before was a couple of dozen!] > "exotic > data storage formats" [Like "not plain text."] "and the ability to steal > documents, spy on computer users and more." [Yawn.] > > "Components enable those behind it, who use a network of rapidly-shifting > "command and control" servers to direct the virus ..." [Gee! You mean like > a > botnet or something?] > > > Sorry. Yes, I do know that this is supposed to be (and probably is) state- > sponsored, and purposefully written to attack specific targets and evade > detection. > I get it. It will be (marginally) interesting to see what they pull out of > the code > over the next few years. It's even kind of impressive that someone built a > RAT > that went undetected for that long, even though it was specifically built to > hide > and move slowly. > > But all this "supervirus" nonsense is giving me pains. > > > [1] First off, everybody is calling it a "virus." But many reports say they > don't > know how it got where it was found. Duh! If it's a virus, that's kind of > the first > issue, isn't it? > > ====================== (quote inserted randomly by Pegasus Mailer) > rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org > Any American was bred to want to take over things; your water > supply, your mineral deposits, your entire country, your wife ... > Something American had happened to his wife ... there was no > other possible explantion. - `The Whirlpool', Jane Urquhart > victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links > http://blogs.securiteam.com/index.php/archives/author/p1/ > http://twitter.com/rslade > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
