MiniDuke miscreants whip out old-school tricks to spy on world+dog

A new strain of malware designed to spy on multiple government entities and institutions across the world has been discovered by anti-virus firm Kaspersky Lab. MiniDuke has infected government entities in the Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland. In addition, a research institute, two think-tanks, …

COMMENTS

This topic is closed for new posts.

Nice

It's good to see the VXers getting back to writing efficient code.

Back in the day, it was some of the tightest code out there. (also video demos)

4
0

Re: Nice

China probably has the largest community of assembly-language savvy old-schoolers. Back in the day most tight code was written in assembly language as western compilers were hard to come by. One of the best go-games was written in assembly language by a Chinese academic for that reason.

I don't expect Kaspersky folk to implicate China, by the way, since they are already on record that this China hacking stuff is all Google's tin-hattery rubbish.

0
1

Spying Malware?

Who is going to save us from all this Adobe Apple Android Linux Open Source malware?

0
3
Anonymous Coward

Re: Spying Malware?

Go on, tell us how well this virus runs on Linux or BSD. No really, feel free.

0
0

So they wheeled the old ones back in for some action?

"backdoor written in Assembler language"

A sudden urge to watch Space Cowboys again.

1
0
Anonymous Coward

Re: So they wheeled the old ones back in for some action?

Machine code would be slightly more efficient. What language do you think your modern computer is running, by the way? The sad thing is that fewer and fewer "commercial" programmers understand Assembler while crooks understand its value.

0
0

A twitter client in <20KB

Is that not somewhat impressive?

Amazing what you can do if you abandon needing some kind of common language runtime.

BTW for those who feel assembler lacks data structures and security: it's all in the macro support in the assembler, or a very flexible macro processor like ML.

If you can figure out how to make it work. :)

0
0

Re: A twitter client in <20KB

Of course assembler lacks security. Assembler is a _language_, security is a _design property_. Always amazed that people think that languages provide security ...

3
0

Re: A twitter client in <20KB

> Is that not somewhat impressive?

I'd say no. From wiki re. the original Mac OS, done in 68K asm: "the Mac ROM was significantly larger (64 kB) and held key OS code". I think that included the display, networking, filesystem, storage devices etc.

Your comment about ML is particularly interesting and I'm wondering if I should add it to my toolkit. If you have had any proper use of it I'd like your view on whether it's worth the investment.

A quick look at the docs suggests I can get most of the functionality in sed/m4 and if not, for a decent size project I could I suppose uncork flex/bison (it would have to be something special though). Maybe Awk is comparable - never used it ... worth learning, anyone?

0
0

Re: A twitter client in <20KB

Awk is ok.. don't know about ML

1
0

Re: A twitter client in <20KB

Awk is good for your brain if you like to tinker with "things".

awk (also written as Awk and AWK) is a utility that enables a programmer to write tiny but effective programs in the form of statements that define text patterns that are to be searched for in each line of a document and the action that is to be taken when a match is found within a line. awk comes with most UNIX-based operating systems such as Linux, and also with some other operating systems, such as Windows 95/98/NT.

An awk program is made up of patterns and actions to be performed when a pattern match is found. awk scans input lines sequentially and examines each one to determine whether it contains a pattern matching one specified by the user. When the matching pattern is found, awk carries out the instructions in the program. For example, awk could scan text for a critical portion and reformat the text contained in it according to the user's command. If no pattern is specified, the program will carry out the command on all of the input data.

(from whatis.com)

0
0

Re: "UNIX-based operating systems such as Linux"

Linux isn't based on UNIX, it is merely UNIX-like. GNU is Not Unix after all...

0
0

Re: A twitter client in <20KB

awk is fantastic for formatting Apache mail logs :)

0
0
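The awk model the whatis.com excerpt above describes (a pattern selecting input lines, an action run on each match, END run once after all input) and the log-formatting use the last comment mentions, as an added shell example that is not part of this thread. It runs POSIX awk over a few constructed sshd log lines (the host, users, PIDs and addresses are made up) and tallies failed password attempts per source address; the "three or more failures is worth a look" threshold is an arbitrary choice for the example, not a rule from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: awk pattern/action processing
# over constructed sshd auth log lines.

# Constructed sample input; host, users, PIDs and addresses are invented.
sample_auth_log() {
    cat <<'EOF'
Feb 27 10:01:02 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Feb 27 10:01:05 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Feb 27 10:02:10 host1 sshd[2140]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2
Feb 27 10:03:44 host1 sshd[2188]: Failed password for root from 203.0.113.5 port 51030 ssh2
Feb 27 10:04:01 host1 sshd[2199]: Failed password for bob from 192.0.2.9 port 60001 ssh2
Feb 27 10:05:00 host1 CRON[2210]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# One pattern/action pair plus an END block, POSIX awk only:
#   pattern: only sshd lines that report a failed password
#   action:  find the field "from" and count the address that follows it
#   END:     print "address count verdict" once all input has been read
# The verdict threshold (3) is an arbitrary example value.
failed_logins_by_source() {
    awk '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { fails[$(i + 1)]++; break }
            }
        }
        END {
            for (ip in fails) {
                verdict = (fails[ip] >= 3) ? "alert" : "ok"
                print ip, fails[ip], verdict
            }
        }
    ' | sort -k2,2nr -k1,1
}

# Stand-alone run: prints one line per source address, most failures first.
sample_auth_log | failed_logins_by_source
```

The "Accepted publickey" and CRON lines never reach the action because the pattern rejects them, which is the whole point of the pattern/action split: the selection logic lives in the regex, the bookkeeping in the action, and the report in END.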

Will you please give Katie Saucey's Dog ....

...a job on this tech rag, as she keeps being referred to in headlines; would make a great indicator as to what the world does actually care about.

0
0

Re: Will you please give Katie Saucey's Dog ....

There is world+dog, Schrödinger's cat and Linux the Tux and lately some horse meat. No discrimination here.

0
0


Some brief notes on ML

ML is a macro processor. Like M4 it processes any type of file. Unlike these it is not line orientated and not character based. It processes groups of characters as a group (called "atoms" in the docs). In essence it looks for patterns of them (described as "delimiters" and "arguments") and replaces whichever ones you tell it to. It will then (depending on what you tell it to do) go over the replacement text and replace any macro calls it finds (or not, if you tell it to skip over it). Atoms can be single characters including punctuation.

An m4 macro def looks like a programming language function definition and its call much like a programming language function call, sometimes with parameters.

ML is much more free format. Once it finds the first macro delimiter (i.e. the macro name, which can be multiple atoms) it then looks for the argument (which can also be multi atom) and the next delimiter and so on, then replaces it by what follows "AS" in the definition (including the start and end markers, or not as the case may be).

This flexibility does mean that you need to tell it what the "skip" and "insert" atoms (1 or more characters) are to begin with. That means you can process virtually any kind of file contents. The patterns can internally repeat and things like counts of the number of delimiters and arguments are held in internal (accessible) variables. Including setting up the insert and skip delimiters it can do an infix -> Polish notation conversion in 4 lines.

Downsides. AFAIK it's 1 character variable names and the Windows version can only chew on 5 input files at a time (I/O for different OSes is described in different appendices of the user manual, which are separate files). Its flow control is more GOTO/label than anything modern (it dates from the late 60's). Its graph node notation is especially tricky to get used to and it's case sensitive on input, which is starting to look like the big low level design mistake of otherwise excellent languages and tools.

The big one is it's so flat out different from M4 you may have trouble getting your head round it. Effectively you draw a template of what it has to look for. Normally it then takes what it finds in the gaps and drops that into whatever you have defined as the output. I'd say you can come close to re-modelling virtually any language into any other with it if you can figure out how to tell it what to do with the input.

And it's interactive by default, so you can play around quite a lot.

Bottom line. Lots of opportunity for mayhem.

1
0

thanks all for your feedback on awk & ML

I'll get stuck into awk and take a hard look at ML just for kicks.

0
0

Re: thanks all for your feedback on awk & ML

"I'll get stuck into awk and take a hard look at ML just for kicks."

You might like to take a look at Gnu AWK (or GAWK)

There appears to be a version (4.0?) that allows indirection through the contents of an array (AWK uses content addressable arrays, so for the right array the text "red", "green", "blue" are just as valid indexes into an array as 1, 2, 3, but not the same array).

This indirection allows you to implement that favorite C idiom the array of pointers to functions, eliminating complex logic to decide which function to call to process some input.

Sadly this does not appear to be available in the Windows binaries.

0
0