Flame gets suicide command

The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent a command designed to wipe Flame from compromised computers. The command, which Symantec has dubbed “urgent suicide”, was …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Hacker

    Is anybody else reminded of Steve Jackson Games' "Hacker"?

    You could spend an action "cleaning" up a system, removing everybody else who had compromised it.

    (now, if only SJG would do a Hacker: Designer's Edition Kickstarter, after the success of the Ogre: Designer's Edition Kickstarter).

    There are days I wish somebody would write a Warhol Worm that would infect every already infected botnet zombie out there, then "kill" them by overwriting the hard disk: the old "Nuke the entire site from orbit" approach to cleansing the Internet.

    1. Anonymous Coward

      Re: Hacker

      Maybe this is the prelude to killing the Internet?

      A little feasibility test.....

      1. Horridbloke
        Trollface

        Re: Hacker

        Couldn't they just type "Google" into Google to kill the Internet?

        1. Anonymous Coward

          Re: Hacker

          I thought you just had to ask the internet a vaguely difficult and insoluble question and wait for it to explode. I saw Captain Kirk do it once, so it must be true.

          1. Francis Boyle Silver badge

            Re: Hacker

            The Internet? I thought by the twenty-second century they had replaced the Internet with a big mainframe with blinkenlights on an asteroid somewhere in deep space. It's progress, Jim, but not as we know it.

  2. Magani
    Flame

    Huh?

    'After deletion, the module overwrites the disk with random characters.'

    Richard, I'm assuming that means just the sectors previously occupied by the Flame code? Otherwise it's a bit of overkill, is it not?

    Flame, what else?

    1. Graham Bartlett

      Re: Huh?

      And the virus authors would care for why...?

      1. Tom 13

        Re: And the virus authors would care for why...?

        Because they are State actors and don't want their enemies to know WHICH systems were compromised. Duh!

  3. xenny

    So, what are the IP addresses of the C&C servers?

    1. The Baron
      Black Helicopters

      192.168.100.x

      o_O

  4. g e

    That's pretty thorough

    Defo smacks of professional/industrial coding.

  5. ukgnome
    Stop

    A tip for next time

    Maybe not publicise it so well.

    As soon, all you will have left is an anecdote about some malware that no longer exists.

    1. Ed 13

      Re: A tip for next time

      What is this "smallpox" of which you speak?

      1. Tom 13

        Re: What is this "smallpox" of which you speak?

        See: Twelve Monkeys

        Why? Because now that everybody treats smallpox as if it is extinct it is the perfect weapon with which to unleash unlimited terror.

  6. smudge
    Boffin

    Why new suicide module?

    > Symantec says Flame had originally shipped with a suicide module,

    > and they don’t know why a new suicide module was used.

    Because the original one was compromised. Had been discovered. Could have been disabled.

    (The icon is for Symantec's benefit.)

    1. Anonymous Coward

      Re: Why new suicide module?

      Yeah, except that we learn from TFA that the new module was rolled out BEFORE it was discovered.

      1. Tom 13

        Re: Why new suicide module?

        No, we learn that it was rolled out before it was allegedly discovered. If the State Actor saw warnings of it being discovered in one of their security notifications lists, that info goes directly to the black ops team so they can clean up their mess.

  7. Dom 3

    Of course, no malware author would ever fiddle with a creation date or timestamp before releasing something, would they?

  8. jubtastic1

    I suppose this is the sort of thing you would do

    If you wanted to bury the story before anyone could accurately count the infections and trace it back to your government.

    1. Tom 13

      Re: I suppose this is the sort of thing you would do

      Nah. The NY Slimes will confirm it were The Big 0 wot done it within a few weeks, so no need to trace it. It might cover a compromised system or maybe protect an agent who was used to deploy it, but the agent's chances are at best 50:50 given the current Administration record anyway.

  9. Robert E A Harvey
    Big Brother

    but did it work?

    So has anyone re-drawn that pretty red map?

  10. Anonymous Coward
    Thumb Up

    Awesome!!!

  11. Britt Johnston
    Holmes

    honey swat key...

    That is really friendly of them to tidy up afterwards.

  12. JeffyPooh
    Pint

    So in other words...

    So, the Flame authors write a far better Uninstall routine than does Symantec for their horrid NIS.

    Worse than that, the Flame authors can write software that goes about its secretive business without hardly anyone even noticing, as compared to Symantec software that constantly gets in the way and generally makes a complete nuisance of itself.

    Flame authors: +2

    Symantec: -1,000,000 for being so useless

  13. Rockyroadtopoland
    Mushroom

    JeffyPooh, Amen brother!

    Symantec software = designed by North Korean military cyber warriors to cause endless damage to civilian and US military assets.

    There is only one test to join the elite of the United States Air Force Cyber Command and that is to be able to uninstall NIS cleanly from a Windows Millennium Edition PC. No one's managed it yet.

    Consistently Worse than any malware for 14 years.

  14. Alan Brown Silver badge

    I can uninstall NIS easily

    Format and start over. Preferably with QNX
