(Globe and Mail)   Stuxnet was just a preview. Welcome Flame   (theglobeandmail.com)
    More: Scary, Stuxnet, Kaspersky, gold mine, keystrokes, Hang Seng, computers  
13574 clicks; posted to Main on 29 May 2012 at 11:04 AM (3 years ago)



 
2012-05-29 11:06:00 AM  
images.wikia.com

Approves
 
2012-05-29 11:06:51 AM  
Mideast?

I'm ok with this
 
2012-05-29 11:07:20 AM  
Good thing they would never use something like this against U.S. citizens
 
2012-05-29 11:08:32 AM  
I like my hackers straight and their viruses flaaaammiinnngg...
 
2012-05-29 11:08:46 AM  
Stuxnet affected PLCs and industrial control system software - this is a plain old computer virus. Although I'm sure my mom will forward it to me with a "PLEASE READ, VERIFIED TRUE." header soon enough.
 
2012-05-29 11:13:13 AM  
Here is a better article: http://www.wired.com/dangerroom/2012/05/spy-rock/

"Among Flame's many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer's near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine [...] The malware also has a sniffer component that can scan all of the traffic on an infected machine's local network and collect usernames and password hashes that are transmitted across the network."
 
2012-05-29 11:13:34 AM  

Moderate Threadjacker: Good thing they would never use something like this against U.S. citizens


With Stuxnet unless you are running a nuclear centrifuge you really don't have much worry. Would have to see more info on Flame(r) to determine what it's after/how it's coded.

5 years and only 5k machines for a worm is WAY LOW so it's looking for something specific before launching on a specific system.

It's not so much the complexity as much as the specificity of these things. Most worms are written to attack as many systems as possible very quickly because the writers know that a certain percentage are going to be caught as soon as AV/IDS signatures are updated. So they tend to be sloppy enough or "loud" enough that they get caught fairly quickly.

A worm/virus written for very specific software can go under the radar if the writer knows they have years to work on the spread. Which is why the assumption that a government is behind it. You either need to know the code for the little used/known software to determine the flaws to attack, and/or you need to have years to get what you are after.
 
2012-05-29 11:14:36 AM  

KangTheMad: Mideast?

I'm ok with this


Next we need to hit China. I want some satisfaction. My servers are port scanned by the Chinese a few times a day.
 
2012-05-29 11:15:18 AM  
sure hope this does not interrupt the jihadist's porn flow

4.bp.blogspot.com
 
2012-05-29 11:16:06 AM  
 
2012-05-29 11:16:22 AM  
I have UAC turned on. I'm safe.
 
2012-05-29 11:16:58 AM  
Scary - Stuxnet was just a preview.

Obvious tag still hungover from yesterday?
 
2012-05-29 11:16:58 AM  
TFA: "Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry."

If this doesn't scream Mossad, I don't know what does.
 
2012-05-29 11:17:16 AM  
It's a good thing I run Linux.
 
2012-05-29 11:18:59 AM  
PLCs are pretty easy to hack. Generally companies leave them on the default password or set it to 111111 or 123456.
 
2012-05-29 11:19:09 AM  
detroitdoesntsuckthatbad
2012-05-29 11:08:46 AM

Stuxnet affected PLCs and industrial control system software - this is a plain old computer virus. Although I'm sure my mom will forward it to me with a "PLEASE READ, VERIFIED TRUE." header soon enough.


Flame is not so much a 'plain old virus' as it is a sophisticated general purpose trojan... albeit one highly targeted at middle eastern interests. It's relatively huge for a trojan, and spends a lot of time communicating with its operator. It defaults to stealing IMs, screenshots, and voice conversations once it's activated, but can then be configured remotely based on what the operator wants it to do. It's theoretically capable of everything Stuxnet was and more.

This guy is a weapon, almost certainly developed by a powerful government. I'm guessing that there are exactly 2 governments in the world with both the capabilities and the interest in screwing Iran to deploy it.
 
2012-05-29 11:20:52 AM  
No Icy Hot Stuntaz yet? Fark, I am disappoint.
 
2012-05-29 11:22:12 AM  

Sir Not Sure The Unscannable: TFA: "Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry."

If this doesn't scream Mossad, I don't know what does.


Read the Wired Danger Room article linked in the thread. It's better. It suggests the Oil Ministry malware and Flame are not the same. However, in looking for infections related to the Oil Ministry machines they found Flame.
 
2012-05-29 11:22:18 AM  
i1221.photobucket.com
 
2012-05-29 11:23:39 AM  
darn it, Linux is too smart for Flame.
 
2012-05-29 11:25:24 AM  

Fubini: It's a good thing I run Linux.



It's not fair!! Windows gets all the excitement. Linux is so boring.
 
2012-05-29 11:25:48 AM  

Moderate Threadjacker: "Among Flame's many modules ... [snip] ... are transmitted across the network."


Sounds pretty powerful. But will it make me fall in love with a penguin?
 
2012-05-29 11:26:00 AM  

innereardistortion: Flame is not so much a 'plain old virus' as it is a sophisticated general purpose trojan... albeit one highly targeted at middle eastern interests. It's relatively huge for a trojan, and spends a lot of time communicating with its operator. It defaults to stealing IMs, screenshots, and voice conversations once it's activated, but can then be configured remotely based on what the operator wants it to do. It's theoretically capable of everything Stuxnet was and more.


I uh.. wah? No no no no no. Stuxnet was a highly specialized worm with an end-game target of wreaking havoc on specific PLCs in specific configurations that specifically controlled what most likely were uranium enrichment centrifuges. It was compact, tidy, and extremely optimized.

This Flame program looks like it's more of an all around espionage tool. It's big and has lots of options.
 
2012-05-29 11:27:16 AM  
If this has been spreading throughout the middle east predominantly, wouldn't it make sense for it to be US-created? Not Middle East created? Bet we're getting some great anti-terror intel from this baby!
 
2012-05-29 11:27:20 AM  
"Kaspersky says it can also turn computers into eavesdropping devices, taking information from phones that could be nearby."

//and everyone said I was nuts when I pointed out that a T.V. connected to cable could be used and reversed to spy on you in your home.....
 
2012-05-29 11:28:36 AM  

Grither: If this has been spreading throughout the middle east predominantly, wouldn't it make sense for it to be US-created? Not Middle East created? Bet we're getting some great anti-terror intel from this baby!


Stuxnet was thought to be either US-born, Israeli-born, or of dual citizenship, for kinda obvious reasons.
 
2012-05-29 11:28:51 AM  

Linux_Yes: darn it, Linux is too smart for Flame.


Also, no one can figure out how to consistently and reliably enable the microphone or copy-paste on Linux.
 
2012-05-29 11:30:37 AM  

This text is now purple: Linux_Yes: darn it, Linux is too smart for Flame.

Also, no one can figure out how to consistently and reliably enable the microphone or copy-paste on Linux.


It's OK, I wrote my own operating system. I'm hoping to add USB support sometime next year.
 
2012-05-29 11:33:01 AM  

SkunkWerks: Grither: If this has been spreading throughout the middle east predominantly, wouldn't it make sense for it to be US-created? Not Middle East created? Bet we're getting some great anti-terror intel from this baby!

Stuxnet was thought to be either US-born, Israeli-born, or of dual citizenship, for kinda obvious reasons.


My guess is actually a joint US/Israeli/German project. The German involvement would explain the access to Siemens systems
 
2012-05-29 11:33:22 AM  
Fubini:

It's a good thing I run Linux.

These viruses have been exploiting the same flaw in Windows for YEARS. Somebody ought to do those poor sods a favor and write a virus that erases Windows and installs Linux instead.
 
2012-05-29 11:33:59 AM  

This text is now purple: Also, no one can figure out how to consistently and reliably enable the microphone or copy-paste on Linux.


Maybe Linux needs this with some of the options being the ability to remotely download working drivers and install them?
 
2012-05-29 11:34:11 AM  

uber humper:

Next we need to hit China. I want some satisfaction. My servers are port scanned by the Chinese a few times a day.


Sina delenda est!
 
2012-05-29 11:34:44 AM  

Fubini: This text is now purple: Linux_Yes: darn it, Linux is too smart for Flame.

Also, no one can figure out how to consistently and reliably enable the microphone or copy-paste on Linux.

It's OK, I wrote my own operating system. I'm hoping to add USB support sometime next year.


That is awesome you should try and sell it to them as a better program

//if it works they will just steal it from you ) :
 
2012-05-29 11:34:56 AM  
 
2012-05-29 11:37:43 AM  

innereardistortion: detroitdoesntsuckthatbad
2012-05-29 11:08:46 AM

Stuxnet affected PLCs and industrial control system software - this is a plain old computer virus. Although I'm sure my mom will forward it to me with a "PLEASE READ, VERIFIED TRUE." header soon enough.

Flame is not so much a 'plain old virus' as it is a sophisticated general purpose trojan... albeit one highly targeted at middle eastern interests. It's relatively huge for a trojan, and spends a lot of time communicating with its operator. It defaults to stealing IMs, screenshots, and voice conversations once it's activated, but can then be configured remotely based on what the operator wants it to do. It's theoretically capable of everything Stuxnet was and more.

This guy is a weapon, almost certainly developed by a powerful government. I'm guessing that there are exactly 2 governments in the world with both the capabilities and the interest in screwing Iran to deploy it.


Do you know the difference between control hardware like a PLC or VFD and a computer with "IMs, screenshots, and voice conversations"? This thing is a completely different animal than Stuxnet. Not saying it isn't dangerous but to say it's "capable of everything Stuxnet was and more" is incorrect.

/design control systems for a living, formerly upgrading substations to NERC-CIP standards.
 
2012-05-29 11:39:35 AM  

acronym: [i1221.photobucket.com image 640x480]


Oooooo, that's icy hot!
 
2012-05-29 11:39:46 AM  
The Flame virus is absolutely en fuego. It only attacks those filthy gay computers.
 
2012-05-29 11:40:45 AM  
Only way it could be more obvious if we'd signed it "UNC1E SIZZAM". Awesome. Who else has the capacity/budget to sift through that much random data, the ability to make it useful, and the need to do so in the middle east?

Iranians/others have probably had that crazy thing worming its way around their systems for years.
 
2012-05-29 11:44:20 AM  
I hope it won't affect any Iranian missile tests. They're crazy enough as it is.

2.bp.blogspot.com
 
2012-05-29 11:44:51 AM  
Grither:

If this has been spreading throughout the middle east predominantly, wouldn't it make sense for it to be US-created? Not Middle East created? Bet we're getting some great anti-terror intel from this baby!

Yeah, the Arabic version of "Mom, I'm still at the Mall with Fatima. But I'm so bored: all she wants to do is stand around in the magazine store mooning over pictures of that Justin Bieber creep. And this Canadian exchange student keeps trying to talk to her in French. Since Dad cut off my allowance I can't afford a cab home and there's no way I'm standing around here waiting for her mom to pick us up. Could you please come get me please? I have studying to do. Call me back, okay?"
 
2012-05-29 11:45:25 AM  

Sir Not Sure The Unscannable: TFA: "Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry."

If this doesn't scream Mossad, I don't know what does.


Except that Israeli computers are infected, too.
 
2012-05-29 11:49:06 AM  

The One True TheDavid: uber humper:

Next we need to hit China. I want some satisfaction. My servers are port scanned by the Chinese a few times a day.

Sina delenda est!


seriously?

Elephantus non capit murem.
 
2012-05-29 11:49:31 AM  
Does everything have to have an internet connection? When I read that they had problems on the LHC and nuke plants; I can only wonder why you connect those computers to the net.
 
2012-05-29 11:49:46 AM  

Nogale: Except that Israeli computers are infected, too.


Hi.
 
2012-05-29 11:53:36 AM  

This text is now purple: Linux_Yes: darn it, Linux is too smart for Flame.

Also, no one can figure out how to consistently and reliably enable the microphone or copy-paste on Linux.



if you knew how to use Google, it would be embarrassing how simple it really is. but hey, why should you have to lift a finger to learn anything. let Monopoly$oft do it for you. after all, they have YOUR best interest at heart.
 
2012-05-29 11:54:28 AM  
is this why battle.net is down?
 
2012-05-29 11:55:09 AM  
A flame virus?

I think it's otherwise known as "owning a Dell"

www.geekologie.com
 
2012-05-29 11:57:57 AM  

Nogale: Sir Not Sure The Unscannable: TFA: "Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry."

If this doesn't scream Mossad, I don't know what does.

Except that Israeli computers are infected, too.


Just to throw the trail off!

We are through the looking glass, people.
 
2012-05-29 11:57:58 AM  

Nogale: Except that Israeli computers are infected, too.


A government with an internal spy program? That's unpossible!

Fubini: It's a good thing I run Linux.


Don't worry, this is the year of Linux on the desktop so you'll soon be able to enjoy malware like the Windows folks.

/The only way I could be less serious would be to change my name to Shirley.
 
2012-05-29 12:00:41 PM  
This is neither good nor harmless. There is nothing to stop the targets of this attack from analyzing the code and then using the same code against the attackers. The same vulnerabilities exist in computers around the world. Like gun ownership, where there is a good chance that the gun will be wrested away and used against you. This technology is now "in the wild" and ready to be improved upon (by rogue governments and organized crime) and unleashed on the general population.

You may cheer at the destruction of Iranian centrifuges, but you may not be so cheery about Russian mobsters using the same code to clean out your bank account.
 
Displayed 50 of 105 comments


This thread is archived, and closed to new comments.
