Quite frankly, for nearly everything that is currently offered as a commercial IoT gimmick the answer to "is my IoT device part of a botnet" is "yes, or at least it can easily become soon".
Sorry, meine Grammatik ist um einiges besser in Deutsch.
Then again, my degree isn't in English, so maybe I can get away with not knowing the finer nuances between having "cost something" and "something cost".
Your information is from the early 2000, at best. Or from some rather outdated antivirus tool. AV software is today way more than just a collection of hashes.
I can tell you exactly how much time a reverse engineer invests in a file that may or may not be malware: Zero seconds. There isn't even close to enough time to start looking at even a tiny fraction of all the potentially dodgy files that make it past the attention of an AV team. And there isn't also any need for this, we do have very sophisticated automated tools that do pretty much what you describe, create a VM environment and run the file. Well, it does a bit more than just run it, but let's keep it at that.;)
Usually that's enough to flag a file as "interesting", even if the malware code isn't executed in the normal branch for some reason, and this one managed to escape that detection routine. But this is much like the original trojan horse: A great idea the first time, but won't work again. Ever.
(and yes, I know about the video where they showed that people still fall for that most ancient of all tricks)
One that comes to my mind without looking stuff up would probably be the "end of an age" - "end of the world" translation error in the KJV. Maybe that's why people in the US fear the second coming while everyone else is waiting anxiously for it. It was corrected in the NKJV in 79, but apparently it was too late.
Mostly 'cause my degree costed like 5000 bucks. Our universities challenge your brain, not your wallet.
It's easy to get in, IIRC the financial investment is roughly 500 bucks a semester. Most of it is state funded. You'd assume that everyone and their dog takes that offer? You bet. So the university has zero, none, nada requirement or even interest to hold your hand and carry you through. You make it, great, if not, step aside you're holding the line up. Dropout rates are "insane" by US standards, but it has its advantages. First of all, those that do manage to get through this are good. Really, really good. And second, nobody has time for bullshit like "microaggressions" or "safe spaces".
All that is required for being an atheist is a lack of belief in a god. That doesn't keep you from believing in any other bullshit story (there's plenty of atheists that believe in aliens).
Every god in the history of mankind has always supported the ideas and actions of those that invented him. Gods and their "commandments" are by definition the mirror of the morals and ideals of the societies that create them.
Considering the whole mess that PC game was is a half-baked, barely ported console clone, one has to wonder whether that rootkit exists in the console version as well, and whether it can be used to gain control over the system...
Why should rootkits only work against the interests of the person owning... ok, that's saying too much, "being in the possession of" is a better term... the machine?
Great, so next time you buy a house I won't hear you complain about shoddy insulation, leaky windows, doors I cannot lock and moldy rooms because it has walls and a roof, so the most important things are there. But I promise to deliver the door locks and insulation within the month, promised. I'll also deliver the missing walls and shingles when we remove the mold.
Then 6 months later I come and charge you extra for all that. Without delivering it, of course.
I am sure I won't hear a single complaint from you, right?
SFV was already a mediocre, overpriced, overhyped and unfinished piece of junk. But this really is the dingleberry on top of the shit sundae.
Sic transit gloria Capcom. They really did make some awesome games in their time, but it seems today they rely on brand name alone to pump out turd after turd.
You do understand, I hope, that anitivirus and OS can't do jack against something the user wants to install, despite any and all warnings, yes? Which is, by the way, the way it SHOULD be, because the opposite is way worse: The OS deciding what I may and what I may not install on a computer I allegedly own.
I don't really know much about the stock market, so I could at best make a guess about why insider trading is forbidden. Most likely because law makers noticed that they have stocks but are usually not working in a position where they could get some insider information easily.
They probably dumped a file of each type into the sample set, to see what kind of documents the malware encrypts and in what way. Hence it is looking for TWO Word files.:)
This is rather odd, considering how manual malware reverse engineering works. Usually when you get a sample to dissect, you already know that it's a bogey. So it not doing what it's supposed to do is a quick way to become even more interesting, and finding that reason shouldn't take a good AV researcher more than an hour, tops.
It also doesn't really add to the complexity of the analysis, creating/copying a handful of documents into your VM isn't that big a deal, what you'll probably do is to clean up, copy the files in, create a new base image and run from there. The delay this would cause is minimal.
This as a hurdle for human researchers makes rather little sense, to be honest.
Viruses. In English, at least. In Latin, it would be vira. Third declination, not second.
And while I can at least understand that people who don't understand Latin but somehow learned that -us becomes -i in plural (yes, if it's 2nd and masculine instead of neuter), where the fuck does that second "i" come from?
Brilliant. Pure genius. Nobody ever could come up with this idea.
No, but seriously. The point is that this thwarts automatic detection tools. Of course, if a human is examining the malware, he will dissect it and analyze it and quickly realize that it counts documents. The automated tool will only notice that it does... well, nothing.
Just reword it to "Is my IoT device secure" and Betteridge's Law holds.
I built them myself.
Quite frankly, for nearly everything that is currently offered as a commercial IoT gimmick the answer to "is my IoT device part of a botnet" is "yes, or at least it can easily become soon".
Sorry, meine Grammatik ist um einiges besser in Deutsch.
Then again, my degree isn't in English, so maybe I can get away with not knowing the finer nuances between having "cost something" and "something cost".
Your information is from the early 2000, at best. Or from some rather outdated antivirus tool. AV software is today way more than just a collection of hashes.
The main joke being probably that in Germany, a low-end BMW is the stereotypical car for young Turks wanting to show off.
I can tell you exactly how much time a reverse engineer invests in a file that may or may not be malware: Zero seconds. There isn't even close to enough time to start looking at even a tiny fraction of all the potentially dodgy files that make it past the attention of an AV team. And there isn't also any need for this, we do have very sophisticated automated tools that do pretty much what you describe, create a VM environment and run the file. Well, it does a bit more than just run it, but let's keep it at that. ;)
Usually that's enough to flag a file as "interesting", even if the malware code isn't executed in the normal branch for some reason, and this one managed to escape that detection routine. But this is much like the original trojan horse: A great idea the first time, but won't work again. Ever.
(and yes, I know about the video where they showed that people still fall for that most ancient of all tricks)
One that comes to my mind without looking stuff up would probably be the "end of an age" - "end of the world" translation error in the KJV. Maybe that's why people in the US fear the second coming while everyone else is waiting anxiously for it. It was corrected in the NKJV in 79, but apparently it was too late.
Was this their ad?
Mostly 'cause my degree costed like 5000 bucks. Our universities challenge your brain, not your wallet.
It's easy to get in, IIRC the financial investment is roughly 500 bucks a semester. Most of it is state funded. You'd assume that everyone and their dog takes that offer? You bet. So the university has zero, none, nada requirement or even interest to hold your hand and carry you through. You make it, great, if not, step aside you're holding the line up. Dropout rates are "insane" by US standards, but it has its advantages. First of all, those that do manage to get through this are good. Really, really good. And second, nobody has time for bullshit like "microaggressions" or "safe spaces".
All that is required for being an atheist is a lack of belief in a god. That doesn't keep you from believing in any other bullshit story (there's plenty of atheists that believe in aliens).
Every god in the history of mankind has always supported the ideas and actions of those that invented him. Gods and their "commandments" are by definition the mirror of the morals and ideals of the societies that create them.
That is exactly the point of the whole damn subthread.
Considering the whole mess that PC game was is a half-baked, barely ported console clone, one has to wonder whether that rootkit exists in the console version as well, and whether it can be used to gain control over the system...
Why should rootkits only work against the interests of the person owning... ok, that's saying too much, "being in the possession of" is a better term ... the machine?
Great, so next time you buy a house I won't hear you complain about shoddy insulation, leaky windows, doors I cannot lock and moldy rooms because it has walls and a roof, so the most important things are there. But I promise to deliver the door locks and insulation within the month, promised. I'll also deliver the missing walls and shingles when we remove the mold.
Then 6 months later I come and charge you extra for all that. Without delivering it, of course.
I am sure I won't hear a single complaint from you, right?
That's one good example (a better one would actually be the Lenovo laptop blunder), another would would be the iPhone.
SFV was already a mediocre, overpriced, overhyped and unfinished piece of junk. But this really is the dingleberry on top of the shit sundae.
Sic transit gloria Capcom. They really did make some awesome games in their time, but it seems today they rely on brand name alone to pump out turd after turd.
You do understand, I hope, that anitivirus and OS can't do jack against something the user wants to install, despite any and all warnings, yes? Which is, by the way, the way it SHOULD be, because the opposite is way worse: The OS deciding what I may and what I may not install on a computer I allegedly own.
I don't really know much about the stock market, so I could at best make a guess about why insider trading is forbidden. Most likely because law makers noticed that they have stocks but are usually not working in a position where they could get some insider information easily.
They probably dumped a file of each type into the sample set, to see what kind of documents the malware encrypts and in what way. Hence it is looking for TWO Word files. :)
This is rather odd, considering how manual malware reverse engineering works. Usually when you get a sample to dissect, you already know that it's a bogey. So it not doing what it's supposed to do is a quick way to become even more interesting, and finding that reason shouldn't take a good AV researcher more than an hour, tops.
It also doesn't really add to the complexity of the analysis, creating/copying a handful of documents into your VM isn't that big a deal, what you'll probably do is to clean up, copy the files in, create a new base image and run from there. The delay this would cause is minimal.
This as a hurdle for human researchers makes rather little sense, to be honest.
That was in his excuses rolodex.
This is probably what is going to happen now. Until now, there wasn't really much of a reason to do it.
Viruses. In English, at least. In Latin, it would be vira. Third declination, not second.
And while I can at least understand that people who don't understand Latin but somehow learned that -us becomes -i in plural (yes, if it's 2nd and masculine instead of neuter), where the fuck does that second "i" come from?
Brilliant. Pure genius. Nobody ever could come up with this idea.
No, but seriously. The point is that this thwarts automatic detection tools. Of course, if a human is examining the malware, he will dissect it and analyze it and quickly realize that it counts documents. The automated tool will only notice that it does ... well, nothing.
Uh... well, judging from how you "fixed" the rest of the world... could we, you know, decline? I mean, with friends like this, who needs foes?