Inside the Duqu Worm's Source Code
angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."
count (duqu); :(){ :|:&};:
Pirate it and see who sues you.
But never on a Sunday.
http://www.youtube.com/watch?v=XRdkRaKgIsY
--
BMO
Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick"..........
Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that the company I work in (multinational retailer, I work in their head office) nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher.
Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its delivery mechanism is "2nd rate", imo @ least.
Actually, I would disagree with that. Just because there are nicer ways to do it, doesn't mean that you need to use them. If you can send a single .doc attachment to a user within an organisation to get into it, why isn't that a perfect way to do it? There isn't anything wrong with spearphishing. To use the car analogy, if you want to get to your letterbox, there isn't any point in driving a supercar to get to it - just walk from the front door.
Moved to http://soylentnews.org/. You are invited to join us too!
I think you mean object code.
...that he may be four years old. And that he generally tried to steal information on Wednesdays. All we know is... he's called the stig.
Well, then it's sort of your "civic responsibility" to EDUCATE said "chumps/noobs" vs. this type of threat.
I agree and I try to educate as many people as I can on as much as I can and hope that the majority of /. users would, but most of my time is spent teaching people to run analysis, or how to write some basic SQL so that our IT folks aren't being constantly hounded by ad-hoc requests, but most of all I try to teach people to think for themselves and look at a business from a scientific approach. That said, our business has over 4,000 employees just at head office and a further 200,000 throughout the business; a single nerd trying to educate will only go so far. As far as my parents, flatmates and friends, I have certainly gone to the effort of ensuring that they know enough about what are basic do's and don'ts - but even then, they know that they can call anytime to check if they should do something.
As for the spearphishing, look if we are looking at the pros and cons of Duqu for goodness sake and how it has been implemented, I think that statement is valid. Yes, spearphishing is a bit on the naughty side, but as we are talking about something that is totally on the naughty side, I think that the delivery mechanism can be said to have nothing wrong with it in terms of implementation.
Moved to http://soylentnews.org/. You are invited to join us too!
Oops. Looks like 4Chan is down again.
Faster! Faster! Faster would be better!
Am I the only one who reads apk's comments in the voice of an insurance or used car salesman?
...because it never could get the hang of Thursdays.
make imaginary.friends COUNT=100 VISIBLE=false
From the article:
If I were the author(s) of this piece of malware, I'd get a real warm fuzzy feeling reading those words. So they're skillful. But they're also destructive jerks—yet the author of the piece has nothing to say about their character. Heck, they're celebrities, and that's all that matters any more.
Of course they're good. There is big money in writing malware; the nerd-lords of cybercrime can afford to hire the very best coders, and keep them knee-deep in twinkie wrappers. It's not script kiddies anymore (except those who are just practicing to get a real job writing serious malware, or maybe demonstrating the appropriate skills for potential employers); this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
Sort of reminds me of Oppenheimer's comment about H-bomb technology as being "technically sweet".
Great men are almost always bad men--Lord Acton's Corollary
The Invisible Hand of the Free Market is obviously ensuring that the best and brightest aren't under corporate control. The Russian Mafia is bad enough. Can you imagine if Monsanto got hold of some real programmers?
I've calculated my velocity with such exquisite precision that I have no idea where I am.
From the original blog article:
"Due to privacy reasons and protection of the identity of the victim, we cannot share the source .DOC file with other parties."
This is not a Word macro. It's not even a Word bug. It's a font rendering bug IN THE KERNEL that can be triggered by anything that lets you embed a custom font. Web pages can contain custom fonts. PDF files can contain custom fonts.
Oh, they also have a properly signed driver, and they disable antivirus/antimalware.
> There is nothing more dangerous than smart people without a moral compass.
That's funny, because it seems that is exactly the combination you need to be successful nowadays...
"not it has not, do your homework" meant :
...
No it has not been patched in last Tuesday's "MS Patch Tuesday" (although a temporary fix indeed exists, which I didn't deny in any way, on the contrary), you might want to check that before SCREAMING it to the world. As for the macro thing, I've read (and apparently many others that answered to you) that it's a problem with the TrueType font parsing engine (which you would have read too if you had done your homework ages ago, that is some googling on Microsoft's website (and others')).
I don't know where you started to understand that I was implying in any way that Duqu could not be fixed or removed by you and others or that you were vulnerable to it.
"The Duqu gang has an affinity for Wednesdays," Raiu said. "They have repeatedly attempted to steal information from these systems on Wednesdays. This probably indicates a strong routine, almost military type."
or they are just fucking with you!
It said "windows 98 or better" so I installed Linux
> Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
FATMOUSE + YOU = FATMOUSE
"hard to dispute"
Why? What magical insight do you possess that can support this opinion? By the time the phrase "hard to dispute" multiplies and mutates across the Internet millions of times people start thinking of it as a factual statement when it was only someone's unsupported opinion. The Internet was supposed to be this great medium for spreading information but instead it's turned into the biggest bullshit spreader ever invented. There is no "true and false" or "right and wrong" anymore, there is only "my side and your side" and that's what will end up destroying everything.