Flame gets suicide command

The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent a command designed to wipe Flame from compromised computers. The command, which Symantec has dubbed “urgent suicide”, was …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Hacker

Is anybody else reminded of Steve Jackson Games' "Hacker"?

You could spend an action "cleaning" up a system, removing everybody else who had compromised it.

(now, if only SJG would do a Hacker: Designer's Edition Kickstarter, after the success of the Ogre: Designer's Edition Kickstarter).

There are days I wish somebody would write a Warhol Worm that would infect every already infected botnet zombie out there, then "kill" them by overwriting the hard disk: the old "Nuke the entire site from orbit" approach to cleansing the Internet.

5
1
Anonymous Coward

Re: Hacker

Maybe this is the prelude to killing the Internet?

A little feasibility test.....

0
1
Trollface

Re: Hacker

Couldn't they just type "Google" into Google to kill the Internet?

12
0
Silver badge

Re: Hacker

I thought you just had to ask the internet a vaguely difficult and insoluble question and wait for it to explode. I saw Captain Kirk do it once, so it must be true.

1
0
Bronze badge

Re: Hacker

The Internet? I thought by the twenty-second century they had replaced the Internet with a big mainframe with blinkenlights on an asteroid somewhere in deep space. It's progress, Jim, but not as we know it.

0
0
Flame

Huh?

'After deletion, the module overwrites the disk with random characters.'

Richard, I'm assuming that means just the sectors previously occupied by the Flame code? Otherwise it's a bit of overkill, is it not?

Flame, what else?

4
0

Re: Huh?

And the virus authors would care for why...?

0
2
Silver badge

Re: And the virus authors would care for why...?

Because they are State actors and don't want their enemies to know WHICH systems were compromised. Duh!

2
0

So, what are the IP addresses of the C&C servers?

0
0
Black Helicopters

192.168.100.x

o_O

0
0
g e
Silver badge

That's pretty thorough

Defo smacks of professional/industrial coding.

2
1
Silver badge
Stop

A tip for next time

Maybe not publicise it so well.

As soon, all you will have left is an anecdote about some malware that no longer exists.

0
0

Re: A tip for next time

What is this "smallpox" of which you speak?

1
0
Silver badge

Re: What is this "smallpox" of which you speak?

See: Twelve Monkeys

Why? Because now that everybody treats smallpox as if it is extinct it is the perfect weapon with which to unleash unlimited terror.

0
0
Boffin

Why new suicide module?

> Symantec says Flame had originally shipped with a suicide module,

> and they don’t know why a new suicide module was used.

Because the original one was compromised. Had been discovered. Could have been disabled.

(The icon is for Symantec's benefit.)

2
1
Anonymous Coward

Re: Why new suicide module?

Yeah, except that we learn from TFA that the new module was rolled out BEFORE it was discovered.

0
0
Silver badge

Re: Why new suicide module?

No, we learn that it was rolled out before it was allegedly discovered. If the State Actor saw warnings of it being discovered in one of their security notifications lists, that info goes directly to the black ops team so they can clean up their mess.

1
1

Of course, no malware author would ever fiddle with a creation date or timestamp before releasing something, would they?

2
0

I suppose this is the sort of thing you would do

If you wanted to bury the story before anyone could accurately count the infections and trace it back to your government.

1
0
Silver badge

Re: I suppose this is the sort of thing you would do

Nah. The NY Slimes will confirm it were The Big 0 wot done it within a few weeks, so no need to trace it. It might cover a compromised system or maybe protect an agent who was used to deploy it, but the agent's chances are at best 50:50 given the current Administration record anyway.

0
1
Silver badge
Big Brother

but did it work?

So has anyone re-drawn that pretty red map?

0
0
Thumb Up

Awesome!!!

0
0
Holmes

honey swat key...

That is really friendly of them to tidy up afterwards.

0
0
Silver badge
Pint

So in other words...

So, the Flame authors write a far better Uninstall routine than does Symantec for their horrid NIS.

Worse than that, the Flame authors can write software that goes about its secretive business without hardly anyone even noticing, as compared to Symantec software that constantly gets in the way and generally makes a complete nuisance of itself.

Flame authors: +2

Symantec: -1,000,000 for being so useless

4
0
Mushroom

JeffyPooh, Amen brother!

Symantec software = designed by North Korean military cyber warriors to cause endless damage to civilian and US military assets.

There is only one test to join the elite of the United States Air Force Cyber Command and that is to be able to uninstall NIS cleanly from a Windows Millennium Edition PC. No one's managed it yet.

Consistently Worse than any malware for 14 years.

1
0
Silver badge

I can uninstall NIS easily

Format and start over. Preferably with QNX

0
0