The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent a command designed to wipe Flame from compromised computers. The command, which Symantec has dubbed “urgent suicide”, was …
Is anybody else reminded of Steve Jackson Games' "Hacker"?
You could spend an action "cleaning" up a system, removing everybody else who had compromised it.
(now, if only SJG would do a Hacker: Designer's Edition Kickstarter, after the success of the Ogre: Designer's Edition Kickstarter).
There are days I wish somebody would write a Warhol Worm that would infect every already infected botnet zombie out there, then "kill" them by overwriting the hard disk: the old "Nuke the entire site from orbit" approach to cleansing the Internet.
Maybe this is the prelude to killing the Internet?
A little feasibility test.....
Couldn't they just type "Google" into Google to kill the Internet?
I thought you just had to ask the internet a vaguely difficult and insoluble question and wait for it to explode. I saw Captain Kirk do it once, so it must be true.
The Internet? I thought by the twenty-second century they had replaced the Internet with a big mainframe with blinkenlights on an asteroid somewhere in deep space. It's progress, Jim, but not as we know it.
'After deletion, the module overwrites the disk with random characters.'
Richard, I'm assuming that means just the sectors previously occupied by the Flame code? Otherwise it's a bit of overkill, is it not?
Flame, what else?
And the virus authors would care for why...?
Re: And the virus authors would care for why...?
Because they are State actors and don't want their enemies to know WHICH systems were compromised. Duh!
So, what are the IP addresses of the C&C servers?
That's pretty thorough
Defo smacks of professional/industrial coding.
A tip for next time
Maybe not publicise it so well.
As soon, all you will have left is an anecdote about some malware that no longer exists.
Re: A tip for next time
What is this "smallpox" of which you speak?
Re: What is this "smallpox" of which you speak?
See: Twelve Monkeys
Why? Because now that everybody treats smallpox as if it is extinct it is the perfect weapon with which to unleash unlimited terror.
Why new suicide module?
> Symantec says Flame had originally shipped with a suicide module,
> and they don’t know why a new suicide module was used.
Because the original one was compromised. Had been discovered. Could have been disabled.
(The icon is for Symantec's benefit.)
Re: Why new suicide module?
Yeah, except that we learn from TFA that the new module was rolled out BEFORE it was discovered.
Re: Why new suicide module?
No, we learn that it was rolled out before it was allegedly discovered. If the State Actor saw warnings of it being discovered in one of their security notifications lists, that info goes directly to the black ops team so they can clean up their mess.
Of course, no malware author would ever fiddle with a creation date or timestamp before releasing something, would they?
I suppose this is the sort of thing you would do
If you wanted to bury the story before anyone could accurately count the infections and trace it back to your government.
Re: I suppose this is the sort of thing you would do
Nah. The NY Slimes will confirm it were The Big 0 wot done it within a few weeks, so no need to trace it. It might cover a compromised system or maybe protect an agent who was used to deploy it, but the agent's chances are at best 50:50 given the current Administration record anyway.
but did it work?
So has anyone re-drawn that pretty red map?
honey swat key...
That is really friendly of them to tidy up afterwards.
So in other words...
So, the Flame authors write a far better Uninstall routine than does Symantec for their horrid NIS.
Worse than that, the Flame authors can write software that goes about its secretive business without hardly anyone even noticing, as compared to Symantec software that constantly gets in the way and generally makes a complete nuisance of itself.
Flame authors: +2
Symantec: -1,000,000 for being so useless
JeffyPooh, Amen brother!
Symantec software = designed by North Korean military cyber warriors to cause endless damage to civilian and US military assets.
There is only one test to join the elite of the United States Air Force Cyber Command, and that is to be able to uninstall NIS cleanly from a Windows Millennium Edition PC. No one's managed it yet.
Consistently Worse than any malware for 14 years.
I can uninstall NIS easily
Format and start over. Preferably with QNX