
Malware that even an antivirus provider can't deal with

tupac chopra (Veteran Member; joined Feb 21, 2013; 1,123 messages; location: Blacktown; basic beliefs: "I am god")
Perhaps most costly to the attackers was their failure to renew some of the domains used by these servers. Out of the 300 or so domains used, about 20 were allowed to expire. Kaspersky quickly registered the domains and, over the past ten months, has used them to "sinkhole" the command channels, a process in which researchers monitor incoming connections from Equation Group-infected machines.

One of the most severe renewal failures involved a channel that controlled computers infected by "EquationLaser," an early malware platform abandoned around 2003 when antivirus programs began to detect it. The underlying domain name remained active for years until one day, it didn't; Kaspersky acquired it and EquationLaser-infected machines still report to it.
LOL, not so smart after all, can't keep track of their own shit.
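The quoted passage describes sinkholing: once a lapsed command domain is re-registered and pointed at a research server, that server's only job is to log who connects. The following script is an added illustration of the monitoring side (it is not code from the thread, from Ars Technica or from Kaspersky). It parses constructed web-server-style log lines with the requested hostname appended and reports, per sinkholed name, the distinct sources seen, the beacon count and the last contact time. Every address, hostname and path in the sample is made up, and the log layout is an assumption.

```python
"""Summarise a sinkhole's connection log (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timezone
import re

# Constructed sample log lines: combined-log layout plus the requested Host
# name as a trailing token. None of these addresses or names is real.
SAMPLE_LOG = """\
198.51.100.23 - - [10/Feb/2015:08:14:02 +0000] "GET /img/ready.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0" sinkholed-c2-1.example
198.51.100.23 - - [10/Feb/2015:09:14:05 +0000] "GET /img/ready.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0" sinkholed-c2-1.example
203.0.113.7 - - [10/Feb/2015:09:20:41 +0000] "POST /upload.php HTTP/1.1" 200 12 "-" "Mozilla/4.0" sinkholed-c2-1.example
192.0.2.55 - - [10/Feb/2015:11:02:13 +0000] "GET /check HTTP/1.0" 200 5 "-" "-" sinkholed-c2-2.example
not a log line at all
"""

# Assumed layout: source, two dash fields, [timestamp], "request", status,
# size, "referer", "user-agent", hostname.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<host>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT).astimezone(timezone.utc)
    return rec


def summarise(log_text):
    """Group beacons by sinkholed hostname.

    Returns (summary, skipped): summary maps hostname -> distinct sources,
    beacon count and last-seen time; skipped counts unparseable lines so a
    noisy log never silently loses records."""
    per_host = defaultdict(lambda: {"sources": set(), "beacons": 0, "last_seen": None})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = per_host[rec["host"]]
        entry["sources"].add(rec["src"])
        entry["beacons"] += 1
        if entry["last_seen"] is None or rec["ts"] > entry["last_seen"]:
            entry["last_seen"] = rec["ts"]
    # Freeze the sets into sorted lists so the result is plain data.
    summary = {
        host: {
            "distinct_sources": sorted(e["sources"]),
            "beacons": e["beacons"],
            "last_seen": e["last_seen"].isoformat(),
        }
        for host, e in per_host.items()
    }
    return summary, skipped


if __name__ == "__main__":
    result, bad = summarise(SAMPLE_LOG)
    for host, info in sorted(result.items()):
        print(f"{host}: {len(info['distinct_sources'])} distinct sources, "
              f"{info['beacons']} beacons, last seen {info['last_seen']}")
    print(f"unparseable lines skipped: {bad}")
```

The distinct-source count is what matters for a researcher: repeated beacons from one address are one infected machine checking in on its schedule, not a growing infection.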
 
Perhaps most costly to the attackers was their failure to renew some of the domains used by these servers. Out of the 300 or so domains used, about 20 were allowed to expire. Kaspersky quickly registered the domains and, over the past ten months, has used them to "sinkhole" the command channels, a process in which researchers monitor incoming connections from Equation Group-infected machines.

One of the most severe renewal failures involved a channel that controlled computers infected by "EquationLaser," an early malware platform abandoned around 2003 when antivirus programs began to detect it. The underlying domain name remained active for years until one day, it didn't; Kaspersky acquired it and EquationLaser-infected machines still report to it.
LOL, not so smart after all, can't keep track of their own shit.

They definitely weren't stupid. To pull something like this off, basically, you can never make a mistake. In 14 years someone will screw up.
 
LOL, not so smart after all, can't keep track of their own shit.

They definitely weren't stupid. To pull something like this off, basically, you can never make a mistake. In 14 years someone will screw up.

And the scary thing is, Kaspersky is only catching the malware programs that have been abandoned because a defense against them EXISTS.

This is like trying to catch an arsonist who immediately leaves the scene of the crime as soon as someone calls 911: you're still putting out the LAST fire when you find out about the next one, and the fact that you found out means he's already moved on.
 
Do you think that they have similar technology for embedded memory on iPhones or on a Micro SD card?
 
Time until this is blamed for not getting papers in on time 5..4...3...2..
 
While you can't disinfect the drive you can see the infection--the drive itself can't do any evil, it has to infect a file. AV software can see that infected file.

Think there's malware in that drive that's dropping <x> into the filesystem?

Set up a virtual machine, encrypt the drive image. From within the virtual machine copy that drive image to the suspect drive. Now compare them.

Different (other than a few bytes that will change)? You've got an evil drive. Same? It couldn't have done what you suspect.

Somebody would have blown the whistle.
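The post above proposes writing a known image (encrypted, so its contents are unpredictable and incompressible) to the suspect drive and comparing what the drive hands back. The script below is an added illustration of that comparison step; it is not code from the thread. It works on in-memory byte strings so it runs offline; on a real drive the two inputs would be the image file and a raw read of the device. The image contents and the simulated tampering are constructed, and the `tolerated_bytes` parameter is my stand-in for the post's "few bytes that will change". Note what this does and does not catch: it detects a drive that alters what it stores, but firmware that serves the data faithfully while copying it elsewhere leaves no trace here.

```python
"""Compare a known image with a drive's read-back (added example, constructed data)."""
import hashlib
import os

CHUNK = 512  # sector-sized blocks: compare whole blocks first, scan bytes only where they differ


def differing_ranges(expected: bytes, actual: bytes):
    """Return [(start, end)] byte ranges (end exclusive) where the inputs differ.

    A length mismatch is reported as a range covering the tail of the longer
    input, so a truncated or padded read-back is never silently ignored."""
    ranges = []
    n = min(len(expected), len(actual))
    start = None
    for off in range(0, n, CHUNK):
        lim = min(off + CHUNK, n)
        if expected[off:lim] == actual[off:lim]:
            if start is not None:          # a run of differences ended at the block boundary
                ranges.append((start, off))
                start = None
            continue
        for i in range(off, lim):
            if expected[i] != actual[i]:
                if start is None:
                    start = i
            elif start is not None:
                ranges.append((start, i))
                start = None
    if start is not None:
        ranges.append((start, n))
    if len(expected) != len(actual):
        ranges.append((n, max(len(expected), len(actual))))
    return ranges


def verdict(expected: bytes, actual: bytes, tolerated_bytes: int = 0):
    """Summarise a comparison: hashes, differing ranges and whether the amount
    changed exceeds what the caller is willing to write off."""
    ranges = differing_ranges(expected, actual)
    changed = sum(end - start for start, end in ranges)
    return {
        "expected_sha256": hashlib.sha256(expected).hexdigest(),
        "actual_sha256": hashlib.sha256(actual).hexdigest(),
        "ranges": ranges,
        "changed_bytes": changed,
        "suspicious": changed > tolerated_bytes,
    }


# Constructed stand-in for an encrypted image: random bytes look like
# ciphertext and give the drive nothing recognisable to key on.
IMAGE = os.urandom(4096)

# Simulated read-backs. The honest drive returns the image unchanged; the
# tampered one has 16 bytes flipped at offset 1024 and 3 bytes at offset 4000.
HONEST_READBACK = IMAGE
_t = bytearray(IMAGE)
for _i in list(range(1024, 1040)) + list(range(4000, 4003)):
    _t[_i] ^= 0xFF                        # XOR guarantees every touched byte differs
TAMPERED_READBACK = bytes(_t)


if __name__ == "__main__":
    for label, readback in (("honest", HONEST_READBACK), ("tampered", TAMPERED_READBACK)):
        v = verdict(IMAGE, readback)
        print(f"{label}: suspicious={v['suspicious']} "
              f"changed_bytes={v['changed_bytes']} ranges={v['ranges']}")
```

Reporting offsets rather than a bare "different" is the useful part: a handful of bytes inside a filesystem's own housekeeping area is one thing, a modified run in the middle of a file is another.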
 
My prediction: Some will claim this is a conspiracy theory to distract attention from Putin's misdeeds and NSA would never do something so sinister because of the dire consequences if it were discovered they engaged in this type of activity.
 
My prediction: Some will claim this is a conspiracy theory to distract attention from Putin's misdeeds and NSA would never do something so sinister because of the dire consequences if it were discovered they engaged in this type of activity.

There was a thread on this recently, and they all but admitted their involvement.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

NSA officials e-mailed the following statement to Ars:

We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details. On January 17, 2014, the President gave a detailed address about our signals intelligence activities, and he also issued Presidential Policy Directive 28 (PPD-28). As we have affirmed publicly many times, we continue to abide by the commitments made in the President’s speech and PPD-28. The U.S. Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats - including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations.

http://arstechnica.com/security/201...-nsa-hid-for-14-years-and-were-found-at-last/
 
If NSA can do it, so can Russia, or China, or Iran, or ...

Whether it was illegal or not, or if some number of terrorists were caught, this news is good enough reason to take security seriously and build measures against this type of attack. I'd be very interested to know how Kaspersky Lab actually figured it out, and whether the hard drive manufacturers were aware of it.
 
I'd be very interested to know how Kaspersky Lab actually figured it out, and whether the hard drive manufacturers were aware of it.

Take a look at the article linked in the post above - they go in depth on it.
 
If NSA can do it, so can Russia, or China, or Iran, or ...

Whether it was illegal or not, or if some number of terrorists were caught, this news is good enough reason to take security seriously and build measures against this type of attack. I'd be very interested to know how Kaspersky Lab actually figured it out, and whether the hard drive manufacturers were aware of it.
The thing I noticed is how unimaginative and dumb some of their methods were in this particular case.
They apparently thought there were 2 actual users who were worthy enough to be ignored.
They had spent a shitload of CPU running through a dictionary to find out that the word is "unregistered".
Then they continued with the second hash instead of trying "unregistered" in different languages; that's pretty dumb if you ask me.

Anyhow, nothing is new here. US admitted using it against Iran, and in this particular case targeted certain high value individuals only, not every single person in the world. I can't really trash NSA for that. On the other hand they knew that if they start infecting every hard drive then it would be discovered in a week or so.
Hard drive manufacturers were probably not aware of it.
 
While you can't disinfect the drive you can see the infection--the drive itself can't do any evil, it has to infect a file.
Not true. For starters, there have been past cases of hard drives infected with malware that programmed the drives to upload their entire contents to a third party at a pre-determined time and date and then format the hard drive so the owner can't recover those files. Which kind of makes sense, since a number of programs of this type are known to have been developed by the NSA.

Basically, if you're inserting malware into a hard drive's firmware, it's because you're trying to fuck with the hard drive itself. Either because you want to be able to kill it at will (Stuxnet et al.) or because you want to be able to access it without its owner knowing it.

Or both.
 
This is all assuming that you don't replace the drive firmware yourself. It takes a fair bit of work, but if you suspect you have an evil drive, you can flash it. It's a lot of work but it isn't impossible to remove unless the virus disabled flashing its firmware image; if a drive does THAT, then you can tell it's evil, as firmware flash is disabled in that case. And if the firmware puts backups on the drive, you can remove the malicious bits by deleting them on a second system.

The answer to all this is assume all drives that can be infected are, and flash them.
 