I got that... hence my joke of one of the modules being something found at said "lua-ow". :-)

-sc

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, May 31, 2012 12:10 PM
To: NT System Admin Issues
Subject: RE: Flame bait...

I was thinking more in terms of "lua-ow"

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, May 31, 2012 9:34 AM
To: NT System Admin Issues
Subject: RE: Flame bait...

That explains the "hula" module then.

-sc

From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: Thursday, May 31, 2012 10:05 AM
To: NT System Admin Issues
Subject: RE: Flame bait...

It was written by a Hawaiian that wanted to put the hurt on someone.

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, May 31, 2012 8:57 AM
To: NT System Admin Issues
Subject: RE: Flame bait...

There's a lot being made of (portions of) it being written in Lua.... Which seems to be a tad unusual.

-sc

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, May 30, 2012 11:01 PM
To: NT System Admin Issues
Subject: Re: Flame bait...

Given that it has been successfully running for at least 2 years, and possibly more, I'd say it has already been a success.

I'm still looking for evidence that its payload isn't at least partially encrypted.

--------
"Flame is controlled via an SSL channel by a C&C infrastructure spread all around the world, ranging from 50 (Kaspersky) to 80 (CrySyS) different domains;
--------

http://www.wired.com/beyond_the_beyond/2012/05/flame-a-cyberweapon-that-makes-stuxnet-look-cheap/

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market...

On Wed, May 30, 2012 at 10:33 PM, Ken Schaefer <k...@adopenstatic.com> wrote:

If this was such a sophisticated piece of malware, it could have just encrypted everything prior to sending it out: to a scanner it would just look like binary gibberish.

-----Original Message-----
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Thursday, 31 May 2012 7:45 AM
To: NT System Admin Issues
Subject: Flame bait...

So, this is getting a lot of hype right now:
http://www.computerworld.com/s/article/9227524/Researchers_identify_Stuxnet_like_malware_called_Flame_

And a thought just occurred to me...

A lot of gateways that scan things (email, web, etc. - and a lot of AV programs on end points, too) are configured to ignore chunks of data over a megabyte or two... I wonder if that has played to the advantage of this bit of malware?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin