Indeed. Goes to show that any language can be made to do things which were not intended by the language authors. I wonder if it will help shed light on who was involved in the development?
Can you imagine the code review process for this level of malware?

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Thu, May 31, 2012 at 9:56 AM, Steven M. Caesare <[email protected]> wrote:

> There’s a lot being made of (portions of) it being written in Lua…. Which
> seems to be a tad unusual.
>
> -sc
>
> From: Andrew S. Baker [mailto:[email protected]]
> Sent: Wednesday, May 30, 2012 11:01 PM
> To: NT System Admin Issues
> Subject: Re: Flame bait...
>
> Given that it has been successfully running for at least 2 years, and
> possibly more, I'd say it has already been a success.
>
> I'm still looking for evidence that its payload isn't at least partially
> encrypted.
>
> --------
> “Flame is controlled via an SSL channel by a C&C infrastructure spread all
> around the world, ranging from 50 (Kaspersky) to 80 (CrySyS) different
> domains;
> --------
>
> http://www.wired.com/beyond_the_beyond/2012/05/flame-a-cyberweapon-that-makes-stuxnet-look-cheap/
>
> ASB
> http://XeeMe.com/AndrewBaker
> Harnessing the Advantages of Technology for the SMB market…
>
> On Wed, May 30, 2012 at 10:33 PM, Ken Schaefer <[email protected]>
> wrote:
>
> If this was such a sophisticated piece of malware, it could have just
> encrypted everything prior to sending it out: to a scanner it would just
> look like binary gibberish.
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Thursday, 31 May 2012 7:45 AM
> To: NT System Admin Issues
> Subject: Flame bait...
>
> So, this is getting a lot of hype right now:
>
> http://www.computerworld.com/s/article/9227524/Researchers_identify_Stuxnet_like_malware_called_Flame_
>
> And a thought just occurred to me...
>
> A lot of gateways that scan things (email, web, etc. - and a lot of AV
> programs on end points, too) are configured to ignore chunks of data over a
> megabyte or two...
>
> I wonder if that has played to the advantage of this bit of malware?
>
> Kurt
