Spammers are unlikely to share their results with the rest of the world. They're motivated by financial rewards, and there is absolutely no incentive to publicize their methodology in any format.
Not only would the "good guys" learn from it -- and thus potentially defeat the spammers' discovery -- but other spammers would simply steal their work.
The United States has 5,914 strategic nuclear warheads, followed closely by Russia with 4,237 deployable warheads. (Source: Arms Control ). The rest of the members of the nuclear club -- UK, France, China, India, Pakistan, North Korea, and Israel -- have less than 1,000 combined nuclear weapons. Clearly, if Obama wants the world to take him seriously, he needs to restart the START-II treaty and disassemble his own stockpile before he can expect others to do the same.
I have personally analyzed Downadup, so I can speak from experience here.
Downadup.A had the potential to contact a randomly generated domain and download and run a signed executable from it. The problem with the Downadup.A version of the worm is that the domain generation algorithm was decyphered, and it only generated 250 unique domains per day. This made it easy for security researchers to register the domains before the worm authors could, and thus Downadup.A was nullified.
Downadup.C is a worse breed: the domain generation algorithm was bumped from 250 domains per day to 50,000 domains per day. It's now a nearly impossible task for security researchers to register every possible domain Downadup.C will attempt to download code from. As an aside, Downadup.C also actively fights against security-related processes: it has a list of several Anti-Virus and Anti-Malware programs that it automatically kills if the user attempts to run it.
One thing to note about all Downadup variants: you would think that, if the security researchers could force Downadup to run an executable of their choice by registering a domain, couldn't they force Downadup to run remove_downadup.exe? Not so. Downadup cryptographically verifies the signatures of any executable it runs with a 4096-bit key. If the signature doesn't match, it doesn't run the program.
Downadup is easily the most advanced worm I have ever analyzed. Its anti-debugging techniques are impeccable, and the code is completely solid. I would love to meet the authors over a beer to ask how they did it, and then stab them in the face.
Ok people... let's do some number crunching here.
The asteriod is 2km wide, the distance between the earth and the sun is 149,597,890 km.
the entire area that a asteriod could intersect the earth's orbit given by 4*pi*r^3 is 4.2071^25 km.
The asteriods detected so far that intersect earth's orbit: 18,344
Diameter of earth: 12,756 km.
Probability of an asteroid on a random trajectory hitting earth: 1/4.2071^25.
Now let's look at this in perspective people! 1/4.2071^25. is VERY SMALL NUMBER. Obviously asteriods will want to be swayed into a orbital plane by the gravitational effects of the sun but who CARES? Think small number. Think low probability.
If it orbits earth every 837 days and we have 17 years before impact (if it does impact at all), That reduces the probability even more. Stop thinking of the solar system as a simple thing. It isn't! Each planet has it's own gravity well and can change another object's trajectory easily. We don't have the computing power nor the time to catalogue all of the gravity wells to produce a perfect solar system model so that 17 year prediction is going to be INNACURATE!
My simple message to people that are getting scared: don't. Everyone makes mistakes, even us scientists. Also don't believe everything the newspaper says, we don't need a world panic.
Now excuse me I have to go outside and try to get a llama to run over me.
SOURCES:
The Ever Faithful Google
http://neat.jpl.nasa.gov/
Slashdot Mirror
Spammers are unlikely to share their results with the rest of the world. They're motivated by financial rewards, and there is absolutely no incentive to publicize their methodology in any format.
Not only would the "good guys" learn from it -- and thus potentially defeat the spammers' discovery -- but other spammers would simply steal their work.
The United States has 5,914 strategic nuclear warheads, followed closely by Russia with 4,237 deployable warheads. (Source: Arms Control ). The rest of the members of the nuclear club -- UK, France, China, India, Pakistan, North Korea, and Israel -- have less than 1,000 combined nuclear weapons. Clearly, if Obama wants the world to take him seriously, he needs to restart the START-II treaty and disassemble his own stockpile before he can expect others to do the same.
I have personally analyzed Downadup, so I can speak from experience here.
Downadup.A had the potential to contact a randomly generated domain and download and run a signed executable from it. The problem with the Downadup.A version of the worm is that the domain generation algorithm was decyphered, and it only generated 250 unique domains per day. This made it easy for security researchers to register the domains before the worm authors could, and thus Downadup.A was nullified.
Downadup.C is a worse breed: the domain generation algorithm was bumped from 250 domains per day to 50,000 domains per day. It's now a nearly impossible task for security researchers to register every possible domain Downadup.C will attempt to download code from. As an aside, Downadup.C also actively fights against security-related processes: it has a list of several Anti-Virus and Anti-Malware programs that it automatically kills if the user attempts to run it.
One thing to note about all Downadup variants: you would think that, if the security researchers could force Downadup to run an executable of their choice by registering a domain, couldn't they force Downadup to run remove_downadup.exe? Not so. Downadup cryptographically verifies the signatures of any executable it runs with a 4096-bit key. If the signature doesn't match, it doesn't run the program.
Downadup is easily the most advanced worm I have ever analyzed. Its anti-debugging techniques are impeccable, and the code is completely solid. I would love to meet the authors over a beer to ask how they did it, and then stab them in the face.
If you'd like more information on Downadup from a technical perspective, here's an excellent analysis of the worm: http://mtc.sri.com/Conficker/addendumC/
Ok people... let's do some number crunching here. The asteriod is 2km wide, the distance between the earth and the sun is 149,597,890 km. the entire area that a asteriod could intersect the earth's orbit given by 4*pi*r^3 is 4.2071^25 km. The asteriods detected so far that intersect earth's orbit: 18,344 Diameter of earth: 12,756 km. Probability of an asteroid on a random trajectory hitting earth: 1/4.2071^25. Now let's look at this in perspective people! 1/4.2071^25. is VERY SMALL NUMBER. Obviously asteriods will want to be swayed into a orbital plane by the gravitational effects of the sun but who CARES? Think small number. Think low probability. If it orbits earth every 837 days and we have 17 years before impact (if it does impact at all), That reduces the probability even more. Stop thinking of the solar system as a simple thing. It isn't! Each planet has it's own gravity well and can change another object's trajectory easily. We don't have the computing power nor the time to catalogue all of the gravity wells to produce a perfect solar system model so that 17 year prediction is going to be INNACURATE! My simple message to people that are getting scared: don't. Everyone makes mistakes, even us scientists. Also don't believe everything the newspaper says, we don't need a world panic. Now excuse me I have to go outside and try to get a llama to run over me. SOURCES: The Ever Faithful Google http://neat.jpl.nasa.gov/