Hi, interesting, I am just thinking about the ytansfer protocol it may be using to spread through many of the pcs... thousands there was at one stage, and now to see that they are using FLASH/USB?SANDISK?Whatever-the-brand Flash disks, wich i know can be very easily used to carry a nice healthy wormling across thousands of pcs, within a day it would have the connected flash drives, and then whenever someone unplugs one and plugs it into another there is a whole new department sometimes owned, wich was not targetted originally, ie a kid uses his usb disk then takes it to uni... this has bypassed many av before, simply by encrypting things... i wont go into that part, but it can be sent over in blowfish, and then decrypting and removal can be hard depending on the variation... One can also target *exact* brand names... and then performs attacks to exploit (sandisk is the main target).. It is a VERY effective method to spread the actual worm... the removal could be simply bad security techs, not able to remove service-bots wich, are far harder nowdays to remove if built correctly, than ever before, or 2008 for example. YES there is plenty of code about the usb/thumbdrive ,usually it is attached to some bot-.src.tar ... also remember that, these can also attack and own phones/ipad/ipad2 and Iphone :) There is also a variant wich can attack ext4 drive extensions, although it was more of a failure than a success because of who was making it i guess. Whats even more funny to me, i was discussing this with another friend of mine maybe 6months ago, if another governemt was to own a rover... then send back images and any commands given to it, to the people who want this for theyre own fantasies, it is now seemingly came true..altho i wuld never had guessed thru a silly exe and a usb stick.... although, i did not research this topic much, i only react to where i saw the 'flaw' i think.. or one flaw in it, ofcourse many of you probably have alredy thought this.. or maybe not, just go take alook at some of the code thats around nowdays, attached to very workable src code... this could simply be a very smart encrypted exe, wich is like most exes, takes a little to find the algo and decrypt ;p , i will watch the tghread for this to happen, or not? If it is inside job, asin a tech working there, then surely we wont hear much more about this ,apart from maybe when they remove it and take apart whatever infected them..etcetc.. xd
On 11 October 2011 06:00, Hatta <tmd...@gmail.com> wrote: > “We think it’s benign. But we just don’t know.” > > LOL > > dude, that was funnier than any steve jobson's jokes so far... > > > > On Mon, Oct 10, 2011 at 8:51 AM, Christian Sciberras <uuf6...@gmail.com> > wrote: > > http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/ > > This is news to me. > > Moreover, I'm a bit confused as to how they don't track how it's coming > > back. > > I mean, how is it possible that no one stepped in and analyzed how the > virus > > acts and where it came from? > > It sounds fish if you ask me. > > Chris. > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > -- > Hatta > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/