
sKyWIper/Flamer - possibly most complex malware ever spotted after Stuxnet/Duqu

Submitted by boldi
boldi writes "One day after IrCERT reported that they found an important malware called "Flamer", CrySyS Lab of Budapest University of Technology and Economics released a detailed report on the technical aspects of the malware. The malware is so complex it will take much more time to analyze. Kaspersky Labs made a separate analysis and gives additional insight, naming the malware "Flame". Symantec released a short report with additional telemetry. We can expect more information to come."

Comment: duqu definition in short (Score 3, Informative) 227

by boldi (#38217786) Attached to: Duqu Attackers Managed to Wipe C&C Servers

http://en.wikipedia.org/wiki/Duqu

Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics in Hungary, which discovered the threat, analyzed the malware and wrote a 60-page report, naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.
Symantec, based on the CrySyS report, continued the analysis of the threat, which it called "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper on it with a cut-down version of the original lab report as an appendix. Symantec believes that Duqu was created by the same authors as Stuxnet, or that the authors had access to the source code of Stuxnet.

More likely Duqu==Stuxnet==Stars. Same guys, different vulns, different tools. Duqu is an instance made from a lego-kit.

Comment: CrySyS duqu detector toolkit (Score 1) 64

by boldi (#37999362) Attached to: Open Source Tool Scans For Duqu Drivers

CrySyS Lab released a new open-source toolkit to detect Duqu traces (possibly some file left after Duqu uninstalled itself after 30-36 days) and running Duqu instances.
http://www.crysys.hu/duqudetector/
Our tool combines heuristic and signature-based approaches, e.g. it calculates entropy for .PNF files and reports those that are suspiciously random.
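The entropy heuristic mentioned in the comment above, as an added illustration written for this page; it is not code from the CrySyS Duqu detector toolkit. A precompiled INF (.PNF) is mostly structured text and tables, so its byte distribution is far from uniform, whereas an encrypted or compressed payload parked in a file with that extension sits close to the 8 bits/byte maximum. The threshold (7.2 bits/byte), the minimum file size (256 bytes) and the sample files are assumptions constructed here for the demonstration, not values or samples from the original tool.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Threshold and minimum size are assumptions made for this illustration, not
# values taken from the CrySyS detector. 8.0 bits/byte is the maximum; encrypted
# or compressed payloads sit near it, while a real precompiled INF does not.
ENTROPY_THRESHOLD = 7.2
MIN_SIZE = 256


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_pnf_files(directory, threshold=ENTROPY_THRESHOLD, min_size=MIN_SIZE):
    """Return [(filename, entropy)] for .PNF files in `directory` whose entropy
    is at or above `threshold`, sorted by name. Files shorter than `min_size`
    are skipped: a handful of bytes cannot support a meaningful estimate."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file() or not entry.name.lower().endswith(".pnf"):
            continue
        with open(entry.path, "rb") as f:
            data = f.read()
        if len(data) < min_size:
            continue
        h = shannon_entropy(data)
        if h >= threshold:
            hits.append((entry.name, round(h, 3)))
    return hits


def _pseudo_ciphertext(n: int) -> bytes:
    """Deterministic stand-in for an encrypted payload (constructed test data):
    a SHA-256 hash chain has a byte distribution close to uniform."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_demo_dir() -> str:
    """Write constructed sample files into a fresh temp dir: one that looks like
    a normal precompiled INF (low entropy), one .pnf holding random-looking
    data, and one high-entropy file with a non-PNF extension (must be ignored)."""
    d = tempfile.mkdtemp(prefix="pnf-demo-")
    benign = (b"[Version]\r\nSignature=\"$Windows NT$\"\r\nClass=Net\r\n"
              b"[Manufacturer]\r\n%ACME%=ACME,NTx86\r\n") * 40
    with open(os.path.join(d, "netacme.PNF"), "wb") as f:
        f.write(benign)
    with open(os.path.join(d, "oem7.pnf"), "wb") as f:
        f.write(_pseudo_ciphertext(4096))
    with open(os.path.join(d, "readme.txt"), "wb") as f:
        f.write(_pseudo_ciphertext(4096))
    return d


def run_demo():
    """Scan the constructed directory and return the flagged file names."""
    return [name for name, _ in scan_pnf_files(build_demo_dir())]


if __name__ == "__main__":
    for name, h in scan_pnf_files(build_demo_dir()):
        print(f"suspicious: {name} entropy={h:.3f} bits/byte")
```

Entropy alone is a weak signal on its own: legitimately compressed or signed blobs also score high, which is why the comment describes pairing it with signatures. Run it against a real `%SystemRoot%\inf` directory only to produce a candidate list for closer inspection, not as a verdict.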

Security

A Cyber-Attack On an American City 461

Posted by timothy
from the if-by-one-day-you-mean-already dept.
Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. So I decided to change that."
Linux Business

"Good Enough" Computers Are the Future 515

Posted by timothy
from the adequate-for-light-word-processing-and-small-sums dept.
An anonymous reader writes "Over on the PC World blog, Keir Thomas engages in some speculative thinking. Pretending to be writing from the year 2025, he describes a world of 'Good Enough computing,' wherein ultra-cheap PCs and notebooks (created to help end-users weather the 'Great Recession' of the early 21st century) are coupled to open source operating systems. This is possible because even the cheapest chips have all the power most people need nowadays. In what is effectively the present situation with netbooks writ large, he sees a future where Microsoft is priced out of the entire desktop operating system market and can't compete. It's a fun read that raises some interesting points."
Security

Intel Cache Poisoning Is Dangerously Easy On Linux 393

Posted by timothy
from the anything-you-set-your-mind-to dept.
Julie188 writes "A researcher recently released proof-of-concept code for an exploit that allows a hacker to overrun an Intel CPU cache and plant a rootkit. A second, independent researcher has examined the exploit and noted that it is so simple and so stealthy that it is likely out in the wild now, unbeknownst to its victims. The attack works best on a Linux system with an Intel DQ35 motherboard with 2GB of memory. It turns out that Linux allows the root user to access MTRR registers incredibly easily. With Windows this exploit can be used, but requires much more work and skill, and so while the Linux exploit code is readily available now, no Windows exploit code has, so far, been released or seen. This attack is hardware specific, but unfortunately, it is specific to Intel's popular DQ35 motherboards."
