
06-12-2012, 03:24 PM
|
 |
Destroyer of worlds
|
|
Join Date: Jan 2009
Location: Buenos Aires, Argentina.
Thanks: 1,376
Thanked 2,005 Times in 1,139 Posts
|
|
Flame
So I'm pretty sure you guys have heard about this, but man, viruses like this just blow my mind.
On people saying Flame is "lame":
Quote:
1. Flame has a keylogger and a screengrabber
The naysayers are unimpressed. "We've seen that before. Flame is lame."
2. Flame has built-in SSH, SSL and LUA libraries
"Bloated. Slow. Flame is still lame."
3. Flame searches for all Office documents, PDF files, Autodesk files and text files on the local drives and on network drives. As there would easily be too much information to steal, it uses IFilters to extract text excerpts from the documents. These are stored in a local SQLite database and sent to the malware operators. This way they can instruct the malware to hone in on the really interesting material.
"Flame is lame"
4. Flame can turn on the microphone of the infected computer to record discussions spoken near the machine. These discussions are saved as audio files and sent back to the malware operators.
"Flame is lame, lol"
5. Flame searches the infected computer and the network for image files taken with digital cameras. It extracts the GPS location from these images and sends it back to the malware operators.
"Still, Flame is lame"
6. Flame checks if there are any mobile phones paired via Bluetooth to the infected computer. If so, it connects to the phone (iPhone, Android, Nokia etc), collects the Address Book from the phone and sends it to the malware operators.
"Flame is still lame, kind of."
7. The stolen info is sent out by infecting USB sticks that are used in an infected machine and copying an encrypted SQLite database to the sticks, to be sent when they are used outside of the closed environment. This way data can be exfiltrated even from a high-security environment with no network connectivity.
"Agent.BTZ did something like this already in 2008. Flame is lame."
8. When Flame was now finally caught, the attackers have been busy destroying all evidence and actively removing the infections from the affected machines.
"Doesn't prove anything. Lame."
9. Latest research proves that Flame is indeed linked to Stuxnet. And just one week after Flame was discovered, US Government admitted that they had developed Stuxnet together with the Israeli Armed Forces.
"You're just trying to hype it up. Still lame."
10. Flame creates a local proxy which it uses to intercept traffic to Microsoft Update. This is used to spread Flame to other machines in a local area network.
"Lame. Even if other computers would receive such a bogus update, they wouldn't accept it as it wouldn't be signed by Microsoft".
The fake update was signed with a certificate linking up to Microsoft root, as the attackers found a way to repurpose Microsoft Terminal Server license certificates. Even this wasn't enough to spoof newer Windows versions, so they did some cutting-edge cryptographic research and came up with a completely new way to create hash collisions, enabling them to spoof the certificate. They still needed a supercomputer though. And they've been doing this silently since 2010.
"…"
|
http://www.f-secure.com/weblog/archives/00002383.html
Crazy.
|

06-13-2012, 12:05 AM
|
|
T̡̡͚̥͓̯̣̈͐̎ͣ̑̎̏͐ͮ͛ͦ̐̀ͭ̓̅͜ę̵̢̘̬̻̟̞̟͎̤̣̞̣ͯ̄͂
|
|
Join Date: Jan 2009
Location: Everywhere
Thanks: 463
Thanked 924 Times in 579 Posts
|
|
Re: Flame
Gee, this seems quite a bit like Conficker. Also, this is how the government is "tapping" people. Since they can't do it through legal channels, they do it this way. With 'black ops' trial testing of various worms and viruses, using the technology of some of the best and well known worms and viruses made.
__________________
Quote:
Originally Posted by -SpectraL
Some people just like to be argumentative about stuff nobody should really give a fuck about.
|
|

06-13-2012, 12:27 AM
|
 |
Marquis
|
|
Join Date: Jan 2009
Location: ۩۩۩۩
Thanks: 314
Thanked 598 Times in 423 Posts
|
|
Re: Flame
O_O
__________________
-Selah
|

06-13-2012, 12:56 AM
|
 |
Count
|
|
Join Date: Feb 2012
Thanks: 688
Thanked 768 Times in 465 Posts
|
|
Re: Flame
Quote:
Originally Posted by The Cheshire Cat
Gee, this seems quite a bit like Conficker. Also, this is how the government is "tapping" people. Since they can't do it through legal channels, they do it this way. With 'black ops' trial testing of various worms and viruses, using the technology of some of the best and well known worms and viruses made.
|
Flame is no doubt from the NSA goodie bag....just like Stuxnet was. I'm sure the NSA has ears in Kaspersky and every other CS lab in the world. It was out for 2+ years before discovery....how many others do you think are active right now? I would guess more than one.
This is just the NSA proving it's the world leader in computer science....
|

06-13-2012, 01:01 AM
|
 |
tryna get the pipe?
|
|
Join Date: Jan 2009
Location: TX
Thanks: 2,021
Thanked 1,852 Times in 1,311 Posts
|
|
Re: Flame
where can i download this
__________________
#rekt
|

06-13-2012, 01:06 AM
|
 |
Count
|
|
Join Date: Feb 2012
Thanks: 688
Thanked 768 Times in 465 Posts
|
|
Re: Flame
Quote:
Originally Posted by a224
where can i download this
|
Can you change your avatar? I fucking hate LB and his stupid glasses, and I'm gonna have to look at his stupid face all tonight during the game
|

06-13-2012, 01:08 AM
|
 |
tryna get the pipe?
|
|
Join Date: Jan 2009
Location: TX
Thanks: 2,021
Thanked 1,852 Times in 1,311 Posts
|
|
Re: Flame
if they lose tonight i will change it
__________________
#rekt
|

06-13-2012, 01:12 AM
|
 |
Count
|
|
Join Date: Feb 2012
Thanks: 688
Thanked 768 Times in 465 Posts
|
|
Re: Flame
Quote:
Originally Posted by a224
if they lose tonight i will change it
|
If they win, I'll change mine to Mike Miller
|

06-13-2012, 03:46 AM
|
|
T̡̡͚̥͓̯̣̈͐̎ͣ̑̎̏͐ͮ͛ͦ̐̀ͭ̓̅͜ę̵̢̘̬̻̟̞̟͎̤̣̞̣ͯ̄͂
|
|
Join Date: Jan 2009
Location: Everywhere
Thanks: 463
Thanked 924 Times in 579 Posts
|
|
Re: Flame
Quote:
Originally Posted by roasted
Flame is no doubt from the NSA goodie bag....just like Stuxnet was. I'm sure the NSA has ears in Kaspersky and every other CS lab in the world. It was out for 2+ years before discovery....how many others do you think are active right now? I would guess more than one.
This is just the NSA proving it's the world leader in computer science....
|
Nope, it's not proving anything. This is them testing how effective their stuff is. How do you think the US will gain intelligence of other countries around the world? No more flying over places with planes snapping pictures. It's the day of the computer and the net. Just think about that for a while and it'll sink in.
__________________
Quote:
Originally Posted by -SpectraL
Some people just like to be argumentative about stuff nobody should really give a fuck about.
|
|

06-13-2012, 03:48 AM
|
 |
tryna get the pipe?
|
|
Join Date: Jan 2009
Location: TX
Thanks: 2,021
Thanked 1,852 Times in 1,311 Posts
|
|
Re: Flame
Quote:
Originally Posted by roasted
If they win, I'll change mine to Mike Miller
|
it is now nick collison because he had a good game
__________________
#rekt
|

06-18-2012, 06:31 PM
|
 |
Peasant
|
|
Join Date: Jun 2009
Thanks: 2
Thanked 30 Times in 22 Posts
|
|
Re: Flame
Choice excerpts from Reverend Bill Blunden's The Rootkit Arsenal:
Though I have no hard evidence, it would probably not be too far a jump to conclude that our own intelligence agencies (CIA, NSA, DoD, etc.) have been investigating rootkits and related tools. In a 2007 report entitled Cybercrime: The Next Wave, antivirus maker McAfee estimated some 120 countries were actively studying online attack strategies. The Chinese, specifically, were noted as having publicly stated they were actively engaged in pursuing cyber-espionage.
In its 2008 Report to Congress, the U.S.-China Economic and Security Review Commission noted that "China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts." According to the report, there were some 250 hacker groups in China that the government tolerated (if not openly encouraged)
Day after day I read people giving credit to the US for the complex malware discovered. If anyone were to do some research they would learn the US is poorly prepared for cyberwarfare in comparison to their Chinese counterparts.
Perhaps we should be giving credit where credit is due.
http://www.washingtonpost.com/r/2010...0Espionage.pdf
__________________
Woman, I am tending to my musket.
Last edited by Xhunkfish; 06-18-2012 at 06:32 PM.
Reason: Spelling errors.
|

06-18-2012, 06:49 PM
|
 |
Destroyer of worlds
|
|
Join Date: Jan 2009
Location: Buenos Aires, Argentina.
Thanks: 1,376
Thanked 2,005 Times in 1,139 Posts
|
|
Re: Flame
I disagree, the best hackers are the ones no one hears about.
|

06-18-2012, 08:45 PM
|
 |
tryna get the pipe?
|
|
Join Date: Jan 2009
Location: TX
Thanks: 2,021
Thanked 1,852 Times in 1,311 Posts
|
|
Re: Flame
Quote:
Originally Posted by Xhunkfish
Choice excerpts from Reverend Bill Blunden's The Rootkit Arsenal:
Though I have no hard evidence, it would probably not be too far a jump to conclude that our own intelligence agencies (CIA, NSA, DoD, etc.) have been investigating rootkits and related tools. In a 2007 report entitled Cybercrime: The Next Wave, antivirus maker McAfee estimated some 120 countries were actively studying online attack strategies. The Chinese, specifically, were noted as having publicly stated they were actively engaged in pursuing cyber-espionage.
In its 2008 Report to Congress, the U.S.-China Economic and Security Review Commission noted that "China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts." According to the report, there were some 250 hacker groups in China that the government tolerated (if not openly encouraged)
Day after day I read people giving credit to the US for the complex malware discovered. If anyone were to do some research they would learn the US is poorly prepared for cyberwarfare in comparison to their Chinese counterparts.
Perhaps we should be giving credit where credit is due.
http://www.washingtonpost.com/r/2010...0Espionage.pdf
|
usa hackers are better than china hackers this is a fact because usa invented the internet and computers.
__________________
#rekt
|

06-19-2012, 03:10 AM
|
 |
Peasant
|
|
Join Date: Jun 2009
Thanks: 2
Thanked 30 Times in 22 Posts
|
|
Re: Flame
Quote:
|
I disagree, the best hackers are the ones no one hears about.
|
Maybe, but then again you cannot assign titles like 'best', and 'worst' to things you have never heard about, so this statement is little more than something fun to say that impresses your friends.
Quote:
Originally Posted by a224
usa hackers are better than china hackers this is a fact because usa invented the internet and computers.
|
I have a link to about ninety pages in my above post that disproves this. It covers the overall structure of the Chinese cyberwarfare program, going as granular as how single actors operate. Perhaps you should give it a read.
__________________
Woman, I am tending to my musket.
|