
Comment: But will they share their code? (Score 5, Insightful) 271

by dameepster (#27632783) Attached to: Looking To Spammers To Solve Hard AI Problems

Spammers are unlikely to share their results with the rest of the world. They're motivated by financial rewards, and there is absolutely no incentive to publicize their methodology in any format.

Not only would the "good guys" learn from it -- and thus potentially defeat the spammers' discovery -- but other spammers would simply steal their work.

Comment: Put Your Money Where Your Mouth Is (Score 5, Insightful) 705

by dameepster (#27465773) Attached to: Obama Calls For Nuke-Free World

The United States has 5,914 strategic nuclear warheads, followed closely by Russia with 4,237 deployable warheads. (Source: Arms Control). The rest of the members of the nuclear club -- UK, France, China, India, Pakistan, North Korea, and Israel -- have less than 1,000 combined nuclear weapons. Clearly, if Obama wants the world to take him seriously, he needs to restart the START-II treaty and disassemble his own stockpile before he can expect others to do the same.

Comment: Re:You have the date. What's the next instruction? (Score 5, Informative) 214

by dameepster (#27279643) Attached to: Researchers Ponder Conficker's April Fool's Activation Date

I have personally analyzed Downadup, so I can speak from experience here.

Downadup.A had the potential to contact a randomly generated domain and download and run a signed executable from it. The problem with the Downadup.A version of the worm is that the domain generation algorithm was deciphered, and it only generated 250 unique domains per day. This made it easy for security researchers to register the domains before the worm authors could, and thus Downadup.A was nullified.

Downadup.C is a worse breed: the domain generation algorithm was bumped from 250 domains per day to 50,000 domains per day. It's now a nearly impossible task for security researchers to register every possible domain Downadup.C will attempt to download code from. As an aside, Downadup.C also actively fights against security-related processes: it has a list of several Anti-Virus and Anti-Malware programs that it automatically kills if the user attempts to run it.

One thing to note about all Downadup variants: you would think that, if the security researchers could force Downadup to run an executable of their choice by registering a domain, couldn't they force Downadup to run remove_downadup.exe? Not so. Downadup cryptographically verifies the signatures of any executable it runs with a 4096-bit key. If the signature doesn't match, it doesn't run the program.

Downadup is easily the most advanced worm I have ever analyzed. Its anti-debugging techniques are impeccable, and the code is completely solid. I would love to meet the authors over a beer to ask how they did it, and then stab them in the face.

If you'd like more information on Downadup from a technical perspective, here's an excellent analysis of the worm:
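As an added illustration of the defensive technique the comment describes (not part of the comment, and not Downadup's real algorithm): once a date-seeded domain generation algorithm is deciphered, a defender can regenerate the day's domain list and match it against DNS query logs to find infected hosts, or pre-register the list to sinkhole it. The generator, seed, log format and log lines below are all constructed for this example.

```python
import hashlib
import re
from datetime import date

# Constructed stand-in for a date-seeded DGA. It is NOT Downadup's real algorithm;
# it only reproduces the property the comment relies on: anyone who knows the
# algorithm and the date can regenerate exactly the same domain list.
TLDS = ("com", "net", "org", "info")
SEED = b"constructed-seed"  # hypothetical constant baked into the sample


def daily_domains(day: date, count: int) -> list[str]:
    """Regenerate the `count` domains the toy DGA yields for `day` (deterministic)."""
    out = []
    for i in range(count):
        h = hashlib.sha256(SEED + day.isoformat().encode() + i.to_bytes(4, "big")).digest()
        length = 8 + h[0] % 5                      # 8..12 character label
        label = "".join(chr(ord("a") + b % 26) for b in h[1:1 + length])
        out.append(f"{label}.{TLDS[h[15] % len(TLDS)]}")
    return out


# Constructed DNS query log: "<timestamp> <client-ip> <queried-name>".
# Two lines deliberately contain domains from the 2009-04-01 list (250/day, as in Downadup.A).
DAY = date(2009, 4, 1)
_dga = daily_domains(DAY, 250)
SAMPLE_LOG = [
    "2009-04-01T00:00:01 10.0.0.7 www.example.com",
    f"2009-04-01T00:00:05 10.0.0.7 {_dga[3]}",
    f"2009-04-01T00:00:06 10.0.0.7 {_dga[117]}",
    "2009-04-01T00:00:09 10.0.0.9 mail.example.net",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def flag_infected_hosts(log_lines, day: date, per_day: int) -> dict[str, list[str]]:
    """Map client IP -> DGA domains it queried on `day`; empty dict means no hits."""
    watch = set(daily_domains(day, per_day))       # the list a defender would pre-register
    hits: dict[str, list[str]] = {}
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue                               # skip malformed lines
        _, client, name = m.groups()
        if name.lower().rstrip(".") in watch:
            hits.setdefault(client, []).append(name)
    return hits
```

Running `daily_domains` with `per_day=50000` shows the scaling problem the comment raises: the watch list still regenerates instantly, but pre-registering it every day becomes impractical.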
