IMHO it does not have anything in common with Stuxnet.

That's a "poor man's malware".

There is just a lot of hype by the AV vendors and CERTs to claim a big
discovery and get new budget to "fight cyberwar"!

All the news and reports try to make a "comparison" with Stuxnet.

There is "NO RELATIONSHIP AT ALL" with Stuxnet other than the marketing
intent of the media / malware analysis producers to increase the
media coverage of their work.

Some considerations about the previous statement and about the FUD intent of
most researchers/journalists:

- It does not attack PLCs and/or any kind of industrial system (Stuxnet does)

- It's a fat binary (20MB of trojan is not stealthy)

- It's probably quickly coded (the fact of bundling a Lua interpreter tells
us that the coder is lazy and wanted to produce usable code quickly)

- It stores all its data in a plain-text, standard SQLite3 database with no
protection / stealthiness

- It does not do encryption (only "xor", even if people like to describe
it as if it uses "encryption").

- It does not have a hidden/stealth startup method (known and already
used/detected startup methods)

So, imho it's just a big media hype over a not particularly advanced and
badly designed malware.

-naif

On 5/29/12 3:29 PM, Niels ten Oever wrote:
> Dear all,
> 
> I would be very interested in your further analysis on the new cyber
> espionage software which has been identified as the next generation of
> Stuxnet which has been named Flame and/or sKyWIper - the son of stuxnet.
> Further reading here: http://www.crysys.hu/skywiper/skywiper.pdf and
> here:
> http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers
> 
> Looking forward to further discussion at the Human Rights Con and on
> the mailing list.
> 
> Cheers,
> 
> Niels
> @conflictmedia
> 
> Niels ten Oever
> Programme Coordinator
> S: nielstenoever
> E: tenoe...@freepressunlimited.org
> T: +31 356254309
> M: +31 613846622
> 
> A digital signature can be attached to this e-mail,
> you need openPGP software to verify it. See: http://is.gd/Y06WEs
> Key fingerprint = 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9
_______________________________________________
liberationtech mailing list
liberationtech@lists.stanford.edu