Inside the Duqu Worm's Source Code
angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."
count (duqu); :(){ :|:&};:
Pirate it and see who sues you.
I think someone is fibbing!
But never on a Sunday.
http://www.youtube.com/watch?v=XRdkRaKgIsY
--
BMO
Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick"..........
Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that in the company I work for (a multinational retailer; I work in their head office), nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher.
Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its delivery mechanism is "2nd rate", imo @ least.
Actually, I would disagree with that. Just because there are nicer ways to do it doesn't mean that you need to use them. If you can send a single .doc attachment to a user within an organisation to get into it, why isn't that a perfect way to do it? There isn't anything wrong with spearphishing. To use the car analogy, if you want to get to your letterbox, there isn't any point in driving a supercar to get to it - just walk from the front door.
Moved to http://soylentnews.org/. You are invited to join us too!
I think you mean object code.
...that he may be four years old. And that he generally tried to steal information on Wednesdays. All we know is... he's called the stig.
They all just talk "about" the thing and never show it for real - source or object. Kinda boring!
However, in this application it serves its purpose, obfuscation, hiding criminally professionally paranoid uses of the stuxnet virus past, present and very likely future or at the least future discoveries. Likely some supposed pretend allies have been stuck with variants of the stuxnet virus and the original perpetrators are trying to hide their digital stab in the back of their would-be partners.
Chaos - everything, everywhere, everywhen
I never understood why old people gave up on the desire to change things for the better. While I still think this is generally true, the 12 year old here makes something clear. You can't win every argument alone with an abundance of facts. Clear and concise wins every time if you are going to convince others they or some other party is wrong. I question the value or significance of hosts files in any serious way when used large scale. As a minority user they can have a positive impact on your browsing experience from a performance perspective. Do they work to secure your system? Not for a second. Anti-virus is a crutch for the lack of security. It does not work in any significant way if at the end of the day any breach is a serious threat. You will be infected eventually and when that happens all bets are off. Stop using the non-free software and let's get back to real security. Fixing holes in the fence.
Well, then it's sort of your "civic responsibility" to EDUCATE said "chumps/noobs" vs. this type of threat.
I agree, and I try to educate as many people as I can on as much as I can and hope that the majority of /. users would, but most of my time is spent teaching people to run analysis, or how to write some basic SQL so that our IT folks aren't being constantly hounded by ad-hoc requests, but most of all I try to teach people to think for themselves and look at a business from a scientific approach. That said, our business has over 4,000 employees just at head office and a further 200,000 throughout the business; a single nerd trying to educate will only go so far. As far as my parents, flatmates and friends, I have certainly gone to the effort of ensuring that they know enough about what are basic do's and don'ts - but even then, they know that they can call anytime to check if they should do something.
As for the spearphishing, look, if we are looking at the pros and cons of Duqu for goodness sake and how it has been implemented, I think that statement is valid. Yes, spearphishing is a bit on the naughty side, but as we are talking about something that is totally on the naughty side, I think that the delivery mechanism can be said to have nothing wrong with it in terms of implementation.
Moved to http://soylentnews.org/. You are invited to join us too!
Oops. Looks like 4Chan is down again.
Faster! Faster! Faster would be better!
Someone learnt how to use bold on slashdot, want a medal or something?
Am I the only one who reads apk's comments in the voice of an insurance or used car salesman?
I wonder why 2003. Didn't the show start in 2006?
Earn Cash and Prizes, and get free stuff!
...because it never could get the hang of Thursdays.
make imaginary.friends COUNT=100 VISIBLE=false
From the article:
If I were the author(s) of this piece of malware, I'd get a real warm fuzzy feeling reading those words. So they're skillful. But they're also destructive jerks—yet the author of the piece has nothing to say about their character. Heck, they're celebrities, and that's all that matters any more.
Of course they're good. There is big money in writing malware; the nerd-lords of cybercrime can afford to hire the very best coders, and keep them knee-deep in twinkie wrappers. It's not script kiddies anymore (except those who are just practicing to get a real job writing serious malware, or maybe demonstrating the appropriate skills for potential employers); this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
Sort of reminds me of Oppenheimer's comment about H-bomb technology as being "technically sweet".
Great men are almost always bad men--Lord Acton's Corollary
The Invisible Hand of the Free Market is obviously ensuring that the best and brightest aren't under corporate control. The Russian Mafia is bad enough. Can you imagine if Monsanto got hold of some real programmers?
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Oh please! You think linux is a magical woobie that scares away the hackers? Did you forget kernel.org got hacked not too long ago? Or the KDElook malware, the Q3 malware that was hosted for SIX MONTHS on a major repo for anybody who caught it, that nasty Debian bug a year and a half ago, hell I could go on all day.
And Antivirus DOES work if you actually have a decent one like Avast or Comodo. I honestly haven't seen a bug on ANY of my returning customers' machines that they didn't install on purpose; in fact the only bug I've seen in the past 2 years from a machine where I had set it up and installed AV was one where a braintrust UNINSTALLED THE AV because it wouldn't let him install "The new limewire", which, you guessed it, was just a pile of malware wrapped around a gnucleus client.
As for APK's HOSTS file? If it works for him I say more power to him. I run my own recursive DNS, but then again I get my electricity as part of the rent and have tons of spare boxes. If he wants to take the time to update the HOSTS file and it works for him? More power to the guy I say. I'd rather have my own DNS tied into several of the root servers so if any one goes down I can still get a connection, and that way I have my most used sites stored in my own DNS, but that's just me.
But to act like Linux is some instant security blankie is just "magical thinking" and we have seen that fail time after time AFTER time. Hell, I bet even APK could probably post a dozen links of Linux hacks just by spending 3 minutes with Google; I know I could.
Clear and concise enough for you?
ACs don't waste your time replying, your posts are never seen by me.
I run OS X. No worries here.
This is not a Word macro. It's not even a Word bug. It's a font rendering bug IN THE KERNEL that can be triggered by anything that lets you embed a custom font. Web pages can contain custom fonts. PDF files can contain custom fonts.
Oh, they also have a properly signed driver, and they disable antivirus/antimalware.
> There is nothing more dangerous than smart people without a moral compass.
That's funny, because it seems that is exactly the combination you need to be successful nowadays...
Of course for a defined/limited version of "success"
I'm positive, don't believe me? Look at my karma.
YES - That stalls it dead, & iirc, it's been PATCHED already as of last Tuesday's "MS Patch Tuesday", every 2nd tuesday of the month...
No, it has not ... they released a "temporary fix" (besides, it was qualified as a "workaround", not sure whether it means "a fix that will last a few days before we need another one" or not), but not in time to be included in November's "ms patch Tuesday". Guess it will be for next month ...
P.S.=> How is it working then, if it is NOT exploiting using macros? Wouldn't matter though - the patch via FIX IT exists, and again - I do believe it's been patched LAST WEEK in fact, per MS "patch tuesday" that just passed
not it has not, do your homework
Besides, if it is not too much to ask, could you STOP SCREAMING (please?)
"not it has not, do your homework" meant :
...
No, it has not been patched in last Tuesday's "MS Patch Tuesday" (although a temporary fix indeed exists, which I didn't deny in any way, on the contrary); you might want to check that before SCREAMING it to the world. As for the macro thing, I've read (and apparently many others that answered you have too) that it's a problem with the TrueType font parsing engine (which you would have read too if you had done your homework ages ago, that is, some googling on Microsoft's website (and others')).
I don't know where you started to understand that I was implying in any way that duqu could not be fixed or removed by you and others, or that you were vulnerable to it.
You really put a lot of effort into this don't you?
404: sig not found.
"The Duqu gang has an affinity for Wednesdays,"Raiu said. "They have repeatedly attempted to steal information from these systems on Wednesdays. This probably indicates a strong routine, almost military type."
or they are just fucking with you!
It said "windows 98 or better" so I installed Linux
Did it get released within MS Patch tuesday ? Nope
...
...
I never said you were lying or anything like it; I just pointed out that your "belief"/"iirc" was wrong. Which it is. Don't feel insulted or trolled, I'm not insulting/trolling you, I'm just stating a fact.
Also, I never denied that you figured out an easy way to remove this rootkit and others. Again, I don't know where you read in my post that I implied so.
Besides, since it seems that you're a bit too young to know that, "screaming" here actually means "writing with capslock on".
Oh, and it still is not a Word macro problem, as stated on Microsoft's website.
How does this Duqu worm get into a computer, and how do you come to know from the worm that they tried to steal information on Wednesdays? splash12
Wasn't Stuxnet connected with the US government in the end? Could there be a governmental connection with Duqu as well?
Except stupid people without a moral compass that end up in congress...
> Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
FATMOUSE + YOU = FATMOUSE
apk- the most interesting thing to happen in slashdot since 2003.
is apk a group or one individual though?
world was created 5 seconds before this post as it is.
I think my company needs to be aware of this and take proper precautions.
All computers should be turned off all day Wednesday to prevent Duqu stealing information.
As a computer programmer- I especially like the sound of this preventative measure.
"That's the way to do it" - Punch
To be fair, it's hard to dispute that it wasn't Israeli code with significant US assistance. But I haven't really seen anybody "convicting" them over it.
I thought Stuxnet was a master stroke. Disrupt someone's nuclear capability as effectively as bombing, but without any collateral damage and covertly enough that they can't link it to you solidly enough to consider it an act of war.
Genius, IMHO.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Sounds like a great premise for a future Bond movie! Not saying it's not real, just that there's room for a script in your concept too..
They aren't so stupid if they keep ending up in congress and do reasonably well for themselves and those they care about.
If the voters like to vote for people who seem stupid, then even the smart ones will pretend to be stupid if they want to keep getting elected.
obviously Duqu was written by ultraterrestrials.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
"hard to dispute"
Why? What magical insight do you possess that can support this opinion? By the time the phrase "hard to dispute" multiplies and mutates across the Internet millions of times, people start thinking of it as a factual statement when it was only someone's unsupported opinion. The Internet was supposed to be this great medium for spreading information but instead it's turned into the biggest bullshit spreader ever invented. There is no "true and false" or "right and wrong" anymore, there is only "my side and your side", and that's what will end up destroying everything.
I can't wait for the day you get your wish. Seriously.
(Wikipedia and its citations)
You were doing well until you went off on some weird tangent about factual relativism. Not sure where that came from. All "hard to dispute" means is that it's not easy to dispute - not that it can't be done. But there is significant evidence that nation-states were involved, and the propensity of evidence suggests two nation-states in particular.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
You're like the timecube guy, but with a hardon for HOSTS files. You should have a TV show, you're an Andy Kaufman-style comedy genius!
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
I have no doubt there were nation state security agencies involved. Groups like Anonymous or Lulz don't even come close to having the capabilities to do something like this. To build and deploy Stuxnet required in-depth knowledge of the PLC systems and centrifuge technical data, 2 valid security certs that were stolen from 2 different companies located in Japan, physical access to get the memory stick into a very secure environment, 2 0-day exploits, and very sophisticated engineers and programmers. The facilities where the memory sticks were first deployed used a 3rd party Russian company who had the contract and access to the systems infected. Siemens, the PLC manufacturer, is a German corporation and would be in the best position to provide in-depth technical information on their products, and to top it off a sizable amount of money would have been required to pull this off. There are numerous countries with the necessary engineering resources. There are also a lot of countries who have a motive to sabotage the Iranian nuclear program. Some of the Wiki-leaks documents revealed even a number of middle eastern countries had been asking for US help to stop the Iranian program for years. The US and/or Israel "could" have been the ones responsible but there is no definitive evidence that can prove this.
The "hard to dispute" was a mistake on my part. the statement claimed that it is hard to dispute that the US or Israel are the guilty parties which I interpreted as someone saying the US or Israel definitely did it but we can't actually prove it.
Really? I haven't noticed a problem on Lion or Mint
Non impediti ratione cogitationus.
The general moral principle making the distinction here is the "no personal stake" rule. From the bible, the established principle is that almost any crime (but specifically stealing and killing) is forgivable under the following condition: the perpetrator cannot have any stake, either financially, socially, politically, or whatever, in the crime, and there is no reasonable option to avoid the crime.
This is how e.g. police authority works in the western world: a police officer is paid to stand between perpetrators and victims. If he decides to shoot a suspect (who is nothing but a suspect at this point), he can only do so if the intent is to protect others and nothing more than protect others. If self-interest is involved, even tangentially, it's murder. Note also that this crime is only forgiven: it is *NOT* morally OK to shoot anyone, no matter how horrible the crime he was committing, or how few options the killer had. It is merely forgivable, in the sense that there are no consequences. Anyone is free to act as a police officer under the same set of rules (if that's what it takes to prevent him from pressing a bomb-belt button, you will be forgiven in court for breaking the neck of a terrorist, or even shooting the guy point-blank. You will however get judged on this action).
You see how this rule would apply here? You get to hack around for others' gain, but not for your own, not even indirectly: being "paid" to hack others in your employer's interest is wrong (which is why "white hat" hackers are OK: it's perfectly all right to hack your employer, or even your customers, if they so desire). These hackers are in clear violation of that principle.
(btw. the reason this is a good dividing line is that it's brilliant in its simplicity. E.g. Islam uses the principle for police authority that the state has the right to kill anyone for any reason, in war or peace, without needing an excuse or even an explanation. They do not even consider themselves to have the duty to inform next-of-kin or anyone. If a "muslim court" (which is a very nebulous concept, e.g. most terror organisations justify themselves partially like this, without any outside authority) decides to do something, they quite literally send a mob to kill you, and throw your body in the nearest ditch. This is how it worked 1500 years ago, and in a lot of places, this is how it works today)
By work I meant spamming posts. I didn't actually read any of them.
404: sig not found.
Never underestimate the power of stupid people in large groups.
And indeed economics confirms that being the sole "smart" person in a group of stupid people is not nearly as smart as you'd think:
A Darwinian enigma (generally, following the group is the wisest course of action, almost regardless of how stupid it is)
That's of course why atheism works: it's a double standard.
Its mathematical equivalent is to demand cooperation in the prisoner's dilemma, yet fail to cooperate yourself. It is inherently destructive behavior which will end once the default switches. When, by default, people refuse to help each other, atheism will wither and die. And every "convert" to atheism brings that day closer.
All of what you claim to require is available for dollars (or yen, as it was in Japan apparently - didn't know that).
You know which organisation would by far have the easiest time doing this? Siemens itself. Anyone on this list, for example:
Siemens' management
If they think it their duty to be responsible, stuxnet may be part of that, no? Then again, it's a corporation ... I don't know.
> I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
> Evolution hasn't prepared us for the post-religion era.
I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. This has led to the confused notion that you can't be good without also being religious, something that would be quite frightening if it were true. Consider the number of atheists, agnostics, and people with a very dim understanding of the faiths they profess to follow who inhabit the world. It would be far worse than it is if these were all completely lacking in any moral sense. No, one can be brought up as a kind, considerate, and conscientious man, even though he lacks any sort of deep faith. I think this is obvious; truly, have you never met such people?
It's also important to understand that not all faith regards moral laws as being of prime significance. Christianity, for one, is actually not a legalistic faith at all, in that it does not view the relationship of faith and law as being causational. I can demonstrate this by quoting from the New Testament. For example, those who haven't heard the Teaching may have a conscience:
Or, more amusingly, faith does not make the devil good:
And it can go the other way: conscience can precede faith. The famous Swiss theologian, Karl Barth, became a Christian because of the revulsion he felt at the end of the Second World War when he learned in full of all the evils of that dreadful conflict. He asked himself about the source of this moral revulsion. Why did he feel appalled when he learned about the massacres and the concentration camps? Why did he feel that these things were evil? He reasoned that if there is evil, then there must be a contrast: good. How could you realize that you're in the dark if you had never seen light? Barth reasoned that his revulsion was the result of a moral sense that had been implanted in him by his maker—God. It's part of the firmware, you might say.
I think we're living in a society that is in the process of breaking down, and the increasing immorality we see around us is just one of the signs of this. You see, the firmware can be overwritten. It can be erased by peer pressure, by poor or inadequate guidance from parents and teachers, by cultural values reinforced in the "media". In fact, if you've ever raised children, you get to observe first-hand that the firmware isn't booted at birth: it is supposed to be triggered by growing up in a supportive environment that provides good examples, that reinforces good deeds, and corrects out-of-bounds behavior. This society no longer provides such an environment. And that will be fatal: massive bad behavior leads to complete social catalysis. There's a reason why the code was written that way.
Great men are almost always bad men--Lord Acton's Corollary
Well, I did claim significant amounts of money were required for this project. And if any corporation was involved, I doubt the plan was presented to the board of directors for a vote. It only takes one person to breach corporate internal security and gain access to any information they need. This is where the money can make the biggest difference.
> I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
> Evolution hasn't prepared us for the post-religion era.
> I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. [...]
I never said otherwise... and reading your well-thought-out post, I see we already think alike on this subject.
I am one of those Camus-style thinkers who, on seeing that in our world "All is permitted" (Camus quoting Machiavelli), develops a moral code and takes it seriously, even though "in reason, there is no reason to", as they say.
And yes, I'm aware of Rand's credible effort to rationally derive a moral code, which is entirely correct yet can't (to my satisfaction) answer the free-rider problem.
FATMOUSE + YOU = FATMOUSE
http://it.slashdot.org/comments.pl?sid=2523490&cid=38053886
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
Usually commercial corporations and most non-security related government agencies rely on simple but thorough background checks to fulfill their due diligence when it comes to security. But that doesn't mean a person with a squeaky clean background and high level security clearance won't change their mind for the right amount of money. I still find internal corporate security measures weak and practically useless against a determined person. There are only a very small handful of corporations I have worked for that took internal security seriously, and these corporations were mainly defense contractors.
> this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance.
You treat this like it is evil, and also make the reasonable assumption that a TLA of some government is behind this. I don't see how those go together really, unless you think it is evil for a person to support his country. How is this any different from a person paid to operate a submarine, bomber, or tank? It looks the same to me.
I differentiate between America and the Homeland. I am a loyal patriotic American citizen; I support the Constitution, and insist that the government observe that document to the letter. As the regime currently in power in Washington has, on numerous occasions, chosen to act in flagrant disregard for the Constitution, citing as its reason the requirements of "Homeland security", I conclude that this regime—or at least parts of it—does not serve America, but is loyal to this newly created entity called the "Homeland". Naturally, I do not support the Homeland regime, as I regard it to be inimical to true American values and Constitutional law. Anyone who now serves in a position of authority in the United States of America, or who serves in the armed forces of that country, should be asking himself which of those two entities has a claim on his loyalty.
Great men are almost always bad men--Lord Acton's Corollary
I don't think that developing a new moral code is either helpful or necessary; I'm not even convinced that it's possible. I don't think that our problem is a lack a of moral rules, nor that it can be solved by philosophers sitting around and thinking up better ones. I fear that our society has simply become one in which evil is tolerated and encouraged, and where the things that are valued are, in fact, worthless. To cite just one relatively trivial example, the adulation of "celebrities" is foolish and morally destructive. These "celebrities" (essentially, people who are famous for being well-known) are held up as examples. So silly people think that celebrities are important, and want to become like them. Yet the behavior of these "ideals" is often abominable (and, at best, mindless). What kind of society has ideals such as these? We've already discussed another example: the definition of "success" in our society, which amounts to "make more money, buy more toys, step on anyone who gets in your way, and live like there is no tomorrow."
From what you said earlier, it seemed to me that you think our old ethics have somehow become outdated. I don't think that's the case. What is outdated about "love thy neighbor?" Or, for that matter, "Love thy enemy?" Is forgiveness outdated? But you are clearly a thoughtful person; I don't think you meant to say this. I think perhaps you were lamenting the fact that it is more difficult to convince people to be good in these deteriorating times because our old educational methods—such as invoking God The Punisher— no longer work. There may be some truth in this—I suppose there are always people who behave well because they fear being punished. To that I say: we should never have relied on such methods in the first place! (No, I'm not silly enough to think that everyone will behave well if they are liberated from false God-derived fear: such people must, regrettably, be made to fear the lawful authorities.)
I think that neither moral rules nor judicial laws are really needed for a person to be ethical. Ethics does not, at least in my view, require a logical justification, nor does it require a set of either rules or laws. What kind of person has to riffle through a rule book before he can decide on a right action in the moral dilemma that he faces? I can't imagine anyone doing this—except maybe for an autist who is trying to stay out of trouble. Ethics is a matter of character; it has to do with the innate nature and quality of a person.
Being good is often hard, but it hasn't changed over the ages. To discover ethical guidance, look into yourself; read what is "written on your heart". Once you have done this, then the hardest part comes: doing what is right. No, it's not simple; no, all people will not agree on what is right in every instance. But just because it is not simple does not mean that it is false.
Thank you for your thoughtful remarks; you've made me think about these issues.
Great men are almost always bad men--Lord Acton's Corollary