Thread: Flame virus

  1. #1
    abalfazl

    Flame virus

    First of all, Flame is a huge package of modules comprising almost 20 MB in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyze.
    http://www.securelist.com/en/blog/20...ns_and_Answers
    Why does a big size make it harder to detect?
    I shall build a boat,I shall cast it in the water,
    I shall sail away from this strange earth,
    Where no one awaken the heroes in the wood of love

  2. #2
    xhtmlcoder (Robert Wellock)
    The size doesn't make it hard to detect; it is hard to "analyze" because it has lots of modules included, which in turn means it's complex and has more code to analyse/sift through, rather than more efficiently written smaller compact programs.

  3. #3
    ScallioXTX
    Quote Originally Posted by abalfazl View Post
    That's not what it says. It says it makes it harder to analyze, meaning find out what the virus is doing. Because it is so big it takes a lot of time to check all the code and see what it does.

    Edit: ^^ what he said
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  4. #4
    abalfazl
    Why is the program several MBs of code? What functionality does it have that could make it so much larger than Stuxnet? How come it wasn’t detected if it was that big?

    The large size of the malware is precisely why it wasn’t discovered for so long. In general, today’s malware is small and focused. It’s easier to hide a small file than a larger module. Additionally, over unreliable networks, downloading 100K has a much higher chance of being successful than downloading 6MB.
    Do you agree with that?


    http://www.mcafee.com/us/about/skywiper.aspx
    Employing complex internal functionality using Windows APC calls and threads start manipulation, and code injections to key processes. Loading as part of Winlogon.exe and then injecting itself into explorer.exe and services.
    I don't understand it. What is Windows APC and its relationship to code injection? What about Winlogon.exe and injecting into explorer.exe?


    Using custom database for attack modules (this is very unusual, but shows the modularity and extendability of the malware)
    Does it mean it holds attack modules in database?

    Thanks in advance!

  5. #5
    abalfazl
    Flame spreads within a network via a USB thumb drive, network shares, or a shared printer spool vulnerability and spreads only when instructed to do so by the attackers.
    Does it mean the attackers spread the virus one by one? How do the attackers choose the next computer to attack? How can they understand this right choice? How can they limit?

  6. #6
    abalfazl
    They test them against all popular antivirus engines to make sure they cannot be detected by signature files or any other protection systems (behavioral and heuristic scanning, etc.)
    What does "signature files" mean here?

  7. #7
    abalfazl
    May someone answer my questions please?

  8. #8
    molona
    Originally posted by abalfazl: What does "signature files" mean here?
    In this case, I would assume that it is a file with a hash code created to verify the legitimacy of a document.

  9. #9
    ScallioXTX
    Originally posted by abalfazl: What does "signature files" mean here?
    I would say it's about telltale files here; when a file with a certain name is found somewhere, the virus scanner knows there's a virus.

  10. #10
    ronpat
    A signature file is used by an anti-virus checker. The file contains strings of code that are uniquely associated with known viruses.
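
Added example, not part of any post in this thread: a minimal byte-pattern scanner illustrating the kind of signature file described in post #10. The detection names, hex patterns and sample buffers are constructed for illustration and correspond to no real malware or antivirus product.

```python
import re
from typing import Dict, List, Tuple

# Constructed "signature file": detection name -> hex byte pattern.
# "??" is a one-byte wildcard. Patterns are invented for this example.
SIGNATURES: Dict[str, str] = {
    "Example.Dropper.A": "DE AD BE EF ?? ?? 13 37",
    "Example.Loader.B": "4D 5A 90 00 ?? CA FE",
}

def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Translate a hex pattern with ?? wildcards into a bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")                      # any single byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL: "." also matches \n

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data: bytes) -> List[Tuple[str, int]]:
    """Return (detection name, offset) for every signature match in data."""
    hits = [(name, m.start())
            for name, rx in COMPILED.items()
            for m in rx.finditer(data)]
    return sorted(hits, key=lambda h: h[1])

# Constructed sample buffers.
CLEAN = b"plain text with no known pattern"
KNOWN = b"\x00" * 4 + bytes.fromhex("DEADBEEF01021337") + b"tail"
VARIANT = b"\x00" * 4 + bytes.fromhex("DEADBEEFFFFF1337") + b"tail"  # wildcard bytes differ
UNKNOWN = b"\x00" * 4 + bytes.fromhex("DEADBEEE01021337") + b"tail"  # not in the database
BOTH = bytes.fromhex("4D5A900011CAFE") + KNOWN

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("known", KNOWN), ("variant", VARIANT),
                       ("unknown", UNKNOWN), ("both", BOTH)]:
        print(label, scan(buf))
```

A buffer with no entry in the database returns no hits, which is why scanners pair signature files with the behavioral and heuristic scanning mentioned in post #6.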

  11. #11
    abalfazl
    Thank you very much! May you answer other questions?

  12. #12
    ronpat
    Originally posted by abalfazl: Thank you very much! May you answer other questions?
    No. I am not familiar with the Flame virus, so I cannot answer other questions.

