topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday December 15, 2024, 6:10 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Bizarre old-school spyware attacks governments, sports Mark of the Beast  (Read 4525 times)

Arizona Hot

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 3,195
    • View Profile
    • Donate to Member

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,761
    • View Profile
    • Donate to Member
That link, was unreadable for me.

Seriously...For what is supposed to be a professional news post, the lack of basic grammar makes me wonder how these people get jobs.

Asides from grammar, there are parts that literally make no sense...

that uses low-level code to stay hidden and Twitter and Google

Now...I assume this means "Tweets and G+'s...However...the fact he specifically says Twitter and Google in this context, makes me think differently, which makes it bloody hard to read.

MiniDuke, as researchers from Kaspersky Lab and Hungary-based CrySyS Lab have dubbed the threat,

Shouldn't that be... "MiniDuke; as researchers..."?

*sighs*

I might just be getting older, but things like this have started to piss me off more than they should.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
You really have to wonder who is writing these things and why? The references aren't coincidence - they're either meaningful or they're misdirection or just to screw with people's heads.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
That link, was unreadable for me.

Seriously...For what is supposed to be a professional news post, the lack of basic grammar makes me wonder how these people get jobs.

If you have some classical education, it's almost impossible to listen to most people speak as they are barely capable of speaking their own language properly. Similar for print now.

Publishing is more about profit than publishing. Tight deadlines and all that make it difficult to properly edit or proof anything, let alone do any real journalism or fact checking.

Press releases from companies have been accepted as news for years. None of this should be a surprise.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
After reading it twice I've come to the conclusion I either know far less about how this sort of thing works than I think I do (always a possibility) - or - (also a distinct possibility) that there's considerably less in the article than meets the eye.

Right now I'm coming down more on the side of the second possibility. Grammatical errors aside, there are a few claims being made, and 'explanations' advanced, that are...um...dubious...at best. Which is surprising since ArsTechnica usually vets their articles better than that.
 8)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,778
    • View Profile
    • Read more about this member.
    • Donate to Member
MiniDuke, as researchers from Kaspersky Lab and Hungary-based CrySyS Lab have dubbed the threat,

Shouldn't that be... "MiniDuke; as researchers..."?

Nope.

A semicolon is used to connect two related (but independently complete) sentences, e.g., "At the mall I bought four things; my sister bought only two things."

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
"At the mall I bought four things; my sister bought only two things."

Which leaves me wondering if she just stole all the other stuff. :P
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
The first thing that hit my min when I saw the topic of this post: "Oh, Renegade, you!" 8)

As for grammar'nstuff: "Unidentified attackers have infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden and Twitter and Google to ensure it always has a way to receive updates." might not be elegant, but I didn't find any problem parsing it: it uses low-level code to stay hidden, and it parses tweets and g+whatevers as a C&C channel - in a very inelegant and obvious way, it seems - why don't they stega-hide the info on sites with pictures of lolcats? It's 10+ years since I had that idea, and it can't really be a very unique idea, IMHO.

Yeah, it does say the updates themselves are stagenographically hidden in images (I wonder if it's real stega or just plain old EXIF or unused GIF blocks or whatever), but the content of the tweet in the picture has obvious payload.

Queued Kaspersky and CrySys reports for later. I snickered a bit at the Ars article - "Then there's the multilayered technical agility of the malware, including its ability to dynamically scan all functions from memory instead of importing them." - as if any of that is rocket science or requires much skill to do :)
- carpe noctem