Flame virus, most sophisticated malicious code ever seen, was developed by U.S. government.


posted on Jun, 12 2012 @ 10:46 AM


Now, according to reports, some of the most sophisticated malicious code ever developed is a product of the United States government, leaving more than a few tech experts and analysts concerned that maybe now, Washington has become a bigger info-terrorist than some of the country's worst enemies.


Full article

What are your thoughts?



posted on Jun, 12 2012 @ 10:57 AM
reply to post by shaluach
 


Well, if the Old Decent New York Times published the assumption that it might be the joint effort of the US & Israeli governments (of course Israel denied) already 2 weeks ago (more or less, don't recall the exact date), this is neither "news" nor "new" anymore.
It's been known for some time now that governments produce malware that allows them to spy. Every now and then they get caught. They say "sorry, won't do it again" and go on. This was the case in one of Germany's states as well, when police were caught producing a virus that intercepted email.

Should we be surprised? Nope.
Should we take action and protect ourselves, using encryption and refusing to buy the latest hype about "cloud computing"? Sure we should.



posted on Jun, 12 2012 @ 10:59 AM
reply to post by shaluach
 



"We are now 100 percent sure that the Flame and Stuxnet groups worked together," Roel Schouwenberg, a senior researcher at Russia-based Kaspersky Lab, said during a press conference. "The fact that the Flame group shared their source code with the Stuxnet group shows they cooperated at least once."

What's to say they didn't just copy code from Stuxnet and put it into Flame?
edit on 12-6-2012 by ChaoticOrder because: (no reason given)



posted on Jun, 12 2012 @ 11:00 AM
reply to post by NeverSleepingEyes
 


It may not be "new" but I just come across things that I find interesting and post them for those who may find them interesting also.



posted on Jun, 12 2012 @ 11:04 AM
Think about the major hardware and software innovating corporations. Do you for once think that it is not possible?
Come on now. Many companies have government (DOD) contracts to provide customized software. It is not your COTS product. Of course everything is possible based on the 'requirement'.



posted on Jun, 12 2012 @ 11:08 AM
reply to post by shaluach
 


What exactly does this virus do to your computer?



posted on Jun, 12 2012 @ 11:11 AM
I saw an article yesterday suggesting it was Chinese or Russian in origin .. I guess it's safe to say that it's not entirely conclusive yet who put it together.
edit on 6/12/2012 by miniatus because: (no reason given)



posted on Jun, 12 2012 @ 11:14 AM

Originally posted by ChaoticOrder
reply to post by shaluach
 



"We are now 100 percent sure that the Flame and Stuxnet groups worked together," Roel Schouwenberg, a senior researcher at Russia-based Kaspersky Lab, said during a press conference. "The fact that the Flame group shared their source code with the Stuxnet group shows they cooperated at least once."

What's to say they didn't just copy code from Stuxnet and put it into Flame?
edit on 12-6-2012 by ChaoticOrder because: (no reason given)


It's not that simple.. they aren't decompiling the code to its original form to analyze it.. they are looking at it in its raw machine language form (assembly).. you can't just copy and paste code like that into your own.. they've basically found fingerprints of Stuxnet in Flame and vice versa.. which tells you they had the same source in parts.. shared code before compilation... so they had to have cooperated or been the same people.

Nobody has the source but the authors.. if the security firms had it then they'd know what this thing did exactly the day they got it.. it's much more difficult to trace assembly language.. it takes a lot more time..
edit on 6/12/2012 by miniatus because: (no reason given)



posted on Jun, 12 2012 @ 11:28 AM
For those that don't know programming I figure I can give a simple example.. Programming is typically done at a higher level and then when you finish you compile it, that compiler then takes human readable syntax and converts it into something the computer understands.. once you compile it ( depending on the language and compiler options ) you can't really decompile it back to something useful.. so you keep your source files, modify those, compile.. run ..

A source file for a simple hello world program in the C language looks like this .. ATS no doubt messed up SOME of the formatting.. but you get the idea .. I tried to edit so it wouldn't much



#include <stdio.h>

int main(void)
{
    printf("Hello World");
    return 0;
}


Imagine that is Flame .. ( as if it were that simple ) .. but you can see it's only a couple of lines really

Now if they disassemble this to get its machine code form ( assembly ) it would come out to something probably like this


section .text
global _start ;must be declared for linker (ld)

_start: ;tell linker entry point

mov edx,len ;message length
mov ecx,msg ;message to write
mov ebx,1 ;file descriptor (stdout)
mov eax,4 ;system call number (sys_write)
int 0x80 ;call kernel

mov eax,1 ;system call number (sys_exit)
int 0x80 ;call kernel

section .data

msg db 'Hello, world!',0xa ;our dear string
len equ $ - msg ;length of our dear string


Only there wouldn't be comments in English explaining each line.. much harder to trace and looks nothing like its originating source code.. this is why disassembling a virus and analyzing it often takes time.. especially if it's large and complex.. you have to understand exactly what is going on, there's not really any English language syntax to help you .. in many modern languages you can guess what is going on even if you don't know the language.. not so with machine code unless you seriously know your stuff..
edit on 6/12/2012 by miniatus because: (no reason given)



posted on Jun, 12 2012 @ 11:29 AM
reply to post by miniatus
 



Nobody has the source but the authors..

I was fairly certain the entire decompiled source of Stuxnet was available on the internet, in fact I remember reading some of it.



posted on Jun, 12 2012 @ 11:32 AM
double
edit on 12-6-2012 by ChaoticOrder because: (no reason given)



posted on Jun, 12 2012 @ 11:34 AM

Originally posted by ChaoticOrder
reply to post by miniatus
 



Nobody has the source but the authors..

I was fairly certain the entire decompiled source of Stuxnet was available on the internet, in fact I remember reading some of it.


Portions of Stuxnet's original source were found in the Anonymous leaks of HBGary's email .. but it wasn't the whole thing.. I forgot about that actually.. Flame's source isn't out there though so they'd still have to compare the two at the assembly level anyway.. Comparing machine language isn't that difficult, you write something to search for similar patterns in the code .. people do that anyway to test to see if someone has stolen intellectual property or used open source software against the public licensing.
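
The pattern search described in the post above, as an added example that is not part of the original thread: a seed-and-extend search for byte runs that two compiled blobs share. The sample bytes are constructed (the 32-bit encoding of the hello-world assembly quoted earlier in the thread, with made-up data addresses), and `ngram_index`, `shared_regions` and `routine` are hypothetical helper names.

```python
# Added example: find byte runs that two compiled blobs have in common.
# Every byte string below is constructed for illustration.

def ngram_index(data: bytes, n: int) -> dict:
    """Map each n-byte window of data to the offsets where it occurs."""
    index = {}
    for i in range(len(data) - n + 1):
        index.setdefault(data[i:i + n], []).append(i)
    return index

def shared_regions(a: bytes, b: bytes, n: int = 8) -> list:
    """Return (offset_a, offset_b, length) for each maximal run of at
    least n identical bytes present in both blobs."""
    index_b = ngram_index(b, n)
    regions, covered = [], set()
    for i in range(len(a) - n + 1):
        for j in index_b.get(a[i:i + n], ()):
            if (i, j) in covered:      # already inside a reported run
                continue
            length = n                 # extend the seed while bytes agree
            while (i + length < len(a) and j + length < len(b)
                   and a[i + length] == b[j + length]):
                length += 1
            for k in range(length - n + 1):
                covered.add((i + k, j + k))
            regions.append((i, j, length))
    return regions

def routine(msg_addr: str) -> bytes:
    """32-bit x86 encoding of the write/exit sequence, with a constructed
    little-endian address for msg."""
    return bytes.fromhex(
        "ba0e000000"            # mov edx, 14
        "b9" + msg_addr +       # mov ecx, msg
        "bb01000000"            # mov ebx, 1
        "b804000000" "cd80"     # mov eax, 4 ; int 0x80
        "b801000000" "cd80")    # mov eax, 1 ; int 0x80

# Two constructed "binaries": same routine, different surrounding bytes
# and a different data address, as in two separately linked builds.
SAMPLE_A = bytes(range(0x10, 0x30)) + routine("a0900408") + b"\xc3"
SAMPLE_B = bytes(range(0x60, 0x70)) + routine("10a10509") + b"\xf4\xf4"

if __name__ == "__main__":
    for off_a, off_b, length in shared_regions(SAMPLE_A, SAMPLE_B):
        print(f"A+{off_a:#x} == B+{off_b:#x} for {length} bytes")
```

The reported run is shorter than the whole routine because the embedded address differs between the two builds, which is why comparison tools commonly mask such operands before matching.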



posted on Jun, 12 2012 @ 11:40 AM
reply to post by miniatus
 


Yeah I guess you're right. It's clear that some type of highly professional team(s) are behind both these viruses. Most likely Government financed programmers and researchers, so it wouldn't be surprising if the teams were somehow connected.
edit on 12-6-2012 by ChaoticOrder because: (no reason given)



posted on Jun, 13 2012 @ 01:47 PM
Hi! I found something, but unfortunately only on German sites, where they say that this Flame virus is now capable of intrusion through Windows Update. It seems to be the holy grail for these programmers to get that done, they say.
The first article is from 08.06.2012, so it's fairly new, and it also shows some code snippets from Flame.

Flame Info Translated from german-->English

Flame Info (Translated from German-->English)



posted on Jun, 13 2012 @ 03:50 PM

Originally posted by shaluach
reply to post by NeverSleepingEyes
 


It may not be "new" but I just come across things that I find interesting and post them for those who may find them interesting also.


Sure! I am glad you did (and didn't mean to offend you in any way).
Your post was/is very relevant.







 