I believe Steve Gibson said that all of the traffic it passed WAS encrypted. It may also be (I wasn't listening as closely as I could have been) that it's encrypted at rest on the victim system too.
Ben M. Schorr Roland Schorr & Tower www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr -----Original Message----- From: Ken Schaefer [mailto:[email protected]] Sent: Wednesday, May 30, 2012 19:34 To: NT System Admin Issues Subject: RE: Flame bait... If this was such a sophisticated piece of malware, it could have just encrypted everything prior to sending it out: to a scanner it would just look like binary gibberish. -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, 31 May 2012 7:45 AM To: NT System Admin Issues Subject: Flame bait... So, this is getting a lot of hype right now: http://www.computerworld.com/s/article/9227524/Researchers_identify_Stuxnet_like_malware_called_Flame_ And a thought just occurred to me... A lot of gateways that scan things (email, web, etc. - and a lot of AV programs on end points, too) are configured to ignore chunks of data over a megabyte or two... I wonder if that has played to the advantage of this bit of malware? Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
