‘Flame’ Virus explained: How it works and who’s behind it
rt.comHeadline: "How it works and who's behind it"
Article: "So it is unclear who is behind that, and we try not to speculate who could be behind such attacks."
Yeah - so dissapointing - the article is just a link bait with no new information beside what was already revealed in the original story on HackerNews a few days ago.
Kaspersky again. I'll refer you to my recent comment http://news.ycombinator.com/item?id=4033892
It can steal information from the input boxes when they are hidden behind asterisks
OMG!!
Thanks for sharing your opinion - I'd give them credit, though. At least they've discovered the virus during their investigative research.
RT, not the best source for any kind of explanation...
"It was actually after an inquiry from the International Telecommunications Union, which is a part of the United Nations, who actually asked us to start conducting research" ...Wow, this sounds serious, indeed.
A little more interesting when they say this wasn't even what the ITU called them to investigate.
My guesses are Israel, the US, Russia & China, in descending order.
Flame is not remotely in the same category as stuxnet.
The news agencies are confusing capability with complexity. Stuxnet was very targeted with insider information on esoteric industrial systems. It was designed to fly under the radar, cause damage to physical systems in such a way that it would appear to be from "wear and tear."
As I recall, stuxnet used some compiler shenanigans to obfuscate stackframes and make it difficult to decompile (after having first decrypted the executable code).
Flame is written in Lua! A scripting language! So to say that somehow Flame is going to be hard to analyze is absurd.
It's a 20MB package of the Lua VM, the scripts, and modules like sqlite. It's about as vanilla of an application as you can get!
They claim this 20MB package size is going to make it super duper hard to analyze, and yet they have the source code to look at, and while it's a decent size at 3k lines, it's SOURCE CODE. Not obfuscated machine language.
The coverage on this is just stupid.
Some good information on Flame is at http://www.securelist.com/en/blog/208193522/The_Flame_Questi... . It still has the absurd commentary, but at least it gives details on what is actually there.
Thanks for the securelist-link. It's indeed a better source for some technical details, also from a Kaspersky expert... But in the RT-interview the Kaspersky's chief malware expert says things that concur with what you share: "There is no reliable relation between Stuxnet and Flame as we call it…they are completely different. Because Stuxnet was a small application developed for a particular target with the specific objective to interact with industrial control systems and break them down. And Flame is a universal attacking tool kit used mostly for cyber espionage."