[liberationtech] Flame | sKyWIper - 'the son of stuxnet' -
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Tue May 29 06:49:56 PDT 2012
Imho it does not have anything in common with Stuxnet.
That's a "poor man's malware".
There is just a lot of hype by the AV vendors and CERTs to claim a big
discovery and get new budget to "fight cyberwar"!
All news and reports try to make a "comparison" with Stuxnet.
There is "NO RELATIONSHIP AT ALL" with Stuxnet other than the marketing
intent of the media / malware analysis producer to increase the
media coverage of their work.
Some considerations about the previous statement and about the FUD intent of
most researchers/journalists:
- It does not attack PLCs and/or any kind of industrial system (Stuxnet does)
- It's a fat binary (20MB of trojan is not stealthy)
- It was probably coded quickly (the fact that it bundles a Lua interpreter tells
us that the coder is lazy and wanted to produce quickly usable code)
- It stores all its data in a plain-text, standard SQLite3 database with no
protection / stealthiness
- It does not do encryption (only "xor", even if people like to describe it
as if it used "encryption").
- It does not have a hidden/stealth startup method (known and already
used/detected startup methods)
So, imho it's just big media hype over a not particularly advanced and
badly designed piece of malware.
On 5/29/12 3:29 PM, Niels ten Oever wrote:
> Dear all,
> I would be very interested in your further analysis on the new cyber
> espionage software which has been identified as the next generation of
> Stuxnet and which has been named Flame and/or sKyWIper - the son of Stuxnet.
> Further reading here: http://www.crysys.hu/skywiper/skywiper.pdf and
> here:
> http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers
> Looking forward to further discussion at the Human Rights Con and on
> the mailing list.
> Cheers,
> Niels
> @conflictmedia
> Niels ten Oever
> Programme Coordinator
> S: nielstenoever
> E: tenoever at freepressunlimited.org
> T: +31 356254309
> M: +31 613846622
> A digital signature can be attached to this e-mail;
> you need OpenPGP software to verify it. See: http://is.gd/Y06WEs
> Key fingerprint = 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9
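Two of the points above (plain SQLite3 storage, "xor" instead of encryption) combine into something a practitioner can check quickly. The following is an added example for this thread, not code from Flame, from the CrySyS report, or from either poster: it shows why a repeating-key XOR over a SQLite file is obfuscation rather than encryption. Every SQLite 3 file begins with the fixed 16-byte string "SQLite format 3\0", so that header is a known plaintext, XOR cancels, and the key falls out of the first 16 bytes. The example goes beyond the post's single "xor" by handling any repeating key short enough to be confirmed from the header. The key, the record text and the file layout are constructed for the demo; the sample is not a valid database, only a plausible byte layout.

```python
SQLITE_MAGIC = b"SQLite format 3\x00"  # fixed 16-byte header of every SQLite 3 file


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call obfuscates and de-obfuscates."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_prefix: bytes = SQLITE_MAGIC):
    """Recover a repeating XOR key from a known plaintext prefix.

    XOR cancels: c[i] ^ p[i] == key[i % L] for the true period L.  For each
    candidate L the first L stream bytes are taken as the key and every later
    known byte must agree with it.  Only periods covered at least twice by the
    known plaintext are accepted (L <= len(known_prefix) // 2); a longer L
    would pass with nothing to check it against.  Returns the shortest
    consistent key, or None if the key cannot be confirmed from this prefix.
    """
    if len(ciphertext) < len(known_prefix):
        raise ValueError("ciphertext shorter than the known prefix")
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    for L in range(1, len(known_prefix) // 2 + 1):
        candidate = stream[:L]
        if all(stream[i] == candidate[i % L] for i in range(len(stream))):
            return candidate
    return None


def build_sample_db() -> bytes:
    """Constructed stand-in for an on-disk SQLite file: the real magic string,
    then one page of fake bytes.  Not a valid database, just plausible layout."""
    page = SQLITE_MAGIC + b"\x00" * 84          # rest of the 100-byte header, faked
    page += b"host=10.0.0.5\x00user=alice\x00"  # fake record text (constructed)
    return page + b"\x00" * (4096 - len(page))


DEMO_KEY = b"\x4a\x13\xc7\x9e\x02"  # constructed 5-byte key, nothing to do with Flame


def demo():
    """Obfuscate the sample file, then recover key and contents using nothing
    but the ciphertext and the public SQLite magic string."""
    blob = xor_repeating(build_sample_db(), DEMO_KEY)
    key = recover_key(blob)
    plain = xor_repeating(blob, key) if key else None
    return key, plain


if __name__ == "__main__":
    key, plain = demo()
    print("recovered key:", key.hex())
    print("record text visible:", b"user=alice" in plain)
```

The "two periods" rule is the caveat to keep in mind: with only the 16-byte magic as known plaintext, keys up to 8 bytes are confirmed outright; anything longer needs more known plaintext (further fixed or predictable header fields, or any record whose content you can guess), and a key that is not short and repeating is a different problem altogether. None of this requires any cryptanalysis beyond the XOR identity, which is the substance of the "xor is not encryption" point.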