Inside the Duqu Worm's Source Code
angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."
well.. (Score:5, Funny)
count (duqu); :(){ :|:&};:
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Seriously? That was one of the worst characters in the Star Wars saga!
I know how to find the authors! (Score:5, Funny)
Pirate it and see who sues you.
Re:I know how to find the authors! (Score:5, Funny)
Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.
I swear it had nothing to do with me!
Re: (Score:2)
That's exactly what somebody who was guilty would say.
But Dexter didn't debut until Oct 2006 (Score:1)
I think someone is fibbing!
Re: (Score:2)
Of course on a Wednesday or Thursday... (Score:3)
But never on a Sunday.
http://www.youtube.com/watch?v=XRdkRaKgIsY [youtube.com]
--
BMO
Re: (Score:1)
Source code? (Score:3)
Some say... (Score:5, Funny)
Re: (Score:2, Funny)
For those unfamiliar with Stig, here he is, prior to racing cars [youtube.com].
Re: (Score:1)
Ah (Score:2)
they all just talk "about" the thing and never show it for real - source or object. Kinda boring!
Re: (Score:3)
From the original blog article [securelist.com]:
"Due to privacy reasons and protection of the identity of the victim, we cannot share the source .DOC file with other parties."
Re: (Score:2)
What does a victim's identity have to do with the program source or object code of a program?
Zilch!
Whoever has access to it should take an example of the CCC who were pretty open about the content of their Trojans found.
Why 2003? (Score:1)
I wonder why 2003. Didn't the show start in 2006?
Wednesdays... (Score:4, Funny)
...because it never could get the hang of Thursdays.
If only my boss had said such nice things about me (Score:5, Insightful)
From the article:
If I were the author(s) of this piece of malware, I'd get a real warm fuzzy feeling reading those words. So they're skillful. But they're also destructive jerks—yet the author of the piece has nothing to say about their character. Heck, they're celebrities, and that's all that matters any more.
Of course they're good. There is big money in writing malware; the nerd-lords of cybercrime can afford to hire the very best coders, and keep them knee-deep in twinkie wrappers. It's not script kiddies anymore (except those who are just practicing to get a real job writing serious malware, or maybe demonstrating the appropriate skills for potential employers); this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
Sort of reminds me of Oppenheimer's comment about H-bomb technology as being "technically sweet".
Re: (Score:3)
The Invisible Hand of the Free Market is obviously ensuring that the best and brightest aren't under corporate control. The Russian Mafia is bad enough. Can you imagine if Monsanto got hold of some real programmers?
"No personal stake" principle is violated here (Score:2)
The general moral principle making the distinction here is the "no personal stake" rule. From the bible, the established principle is that almost any crime (but specifically stealing and killing) is forgivable under the following condition : the perpetrator cannot have any stake, either financially, socially, politically, or whatever, in the crime, and there is no reasonable option to avoid the crime.
This is how e.g. police authority works in the western world : a police officer is paid to stand between per
Re: (Score:2)
this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance.
You treat this like it is evil, and also make the reasonable assumption that a TLA of some government is behind this. I don't see how those go together really, unless you think it is evil for a person to support his country. How is this any different from a person paid to operate a submarine, bomber, or tank? It looks the same to me.
I differentiate between America and the Homeland. I am a loyal patriotic American citizen; I support the Constitution, and insist that the government observe that document to the letter. As the regime currently in power in Washington has, on numerous occasions, chosen to act in flagrant disregard for the Constitution, citing as its reason the requirements of "Homeland security", I conclude that this regime—or at least parts of it—does not serve America, but is loyal to this newly created entity
Re:If only my boss had said such nice things about (Score:5, Insightful)
> There is nothing more dangerous than smart people without a moral compass.
That's funny, because it seems that is exactly the combination you need to be successful nowadays...
Re: (Score:1)
Of course for a defined/limited version of "success"
Re: (Score:2)
Re: (Score:2)
If the voters like to vote for people who seem stupid, then even the smart ones will pretend to be stupid if they want to keep getting elected.
Re: (Score:2)
Never underestimate the power of stupid people in large groups.
And indeed economics confirms that being the sole "smart" person in a group of stupid people is not nearly as smart as you'd think :
A Darwinian enigma [science20.com] (generally, following the group is the wisest course of action, almost regardless of how stupid it is)
Re: (Score:2)
That's of course why atheism works : it's a double standard.
Its mathematical equivalent is to demand cooperation in the prisoner's dilemma, yet fail to cooperate yourself. It is inherently destructive behavior which will end once the default switches. When, by default, people refuse to help each other, atheism will wither and die. And every "convert" to atheism brings that day closer.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
To be fair, it's hard to dispute that it wasn't Israeli code with significant US assistance. But I haven't really seen anybody "convicting" them over it.
I thought Stuxnet was a master stroke. Disrupt someone's nuclear capability as effectively as bombing, but without any collateral damage and covertly enough that they can't link it to you solidly enough to consider it an act of war.
Genius, IMHO.
Re: (Score:3)
Why? What magical insight do you possess that can support this opinion? By the time the phrase "hard to dispute" multiplies and mutates across the Internet millions of times people start thinking of it as a factual statement when it was only someone's unsupported opinion. The Internet was supposed to be this great medium for spreading information but instead it's turned into the biggest bullshit spreader ever invented. There is no "true and false" or "right and wrong" anymore there is only
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
All of what you claim to require is available for dollars (or yen, as it was in Japan apparently - didn't know that).
You know which organisation would by far have the easiest time doing this ? Siemens itself. Anyone on this list, for example :
Siemens' management [siemens.com]
If they think it their duty to be responsible, stuxnet may be part of that, no ? Then again, it's a corporation ... I don't know.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
Re: (Score:2)
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. This has led to the confused notion that you can't be good without also being religious, something that would be quite frightening if it were true. Consider the number of a
Re: (Score:2)
I'd noticed that too. Religion was once the source of our moral compass, but it is thoroughly discredited now, and no replacement has risen to the task. Leftism sort of tried with various Collectivist / Utilitarian approaches, but was doomed to fail by its Skepticist "No one can be certain of anything" ideological foundation.
Evolution hasn't prepared us for the post-religion era.
I have to disagree with what you say; I don't think that religion is a necessary prerequisite for morality. The relation between morality and religion is a complex one, and difficult to untangle—particularly because some religions, such as the Judaic and Muslim—have taken great pains to impose a legal code on their followers. [...]
I never said otherwise... and reading your well-thought-out post, I see we already think alike on this subject.
I am one of those Camus-style thinkers who, on seeing that in our world "All is permitted" (Camus quoting Machiavelli), develops a moral code and takes it seriously, even though "in reason, there is no reason to", as they say.
And yes, I'm aware of Rand's credible effort to rationally derive a moral code, which is entirely correct yet can't (to my satisfaction) answer the free-rider problem.
Re: (Score:2)
I don't think that developing a new moral code is either helpful or necessary; I'm not even convinced that it's possible. I don't think that our problem is a lack of moral rules, nor that it can be solved by philosophers sitting around and thinking up better ones. I fear that our society has simply become one in which evil is tolerated and encouraged, and where the things that are valued are, in fact, worthless. To cite just one relatively trivial example, the adulation of "celebrities" is foolish and mor
Re: (Score:2)
Sounds like a great premise for a future Bond movie! Not saying it's not real, just that there's room for a script in your concept too..
wtf... (Score:4, Insightful)
"The Duqu gang has an affinity for Wednesdays," Raiu said. "They have repeatedly attempted to steal information from these systems on Wednesdays. This probably indicates a strong routine, almost military type."
or they are just fucking with you!
the Wednesday Effect: (Score:2)
Really (Score:1)
AHA!!!! (Score:2)
I think my company needs to be aware of this and take proper precautions.
All computers should be turned off all day Wednesday to prevent Duqu stealing information.
As a computer programmer- I especially like the sound of this preventative measure.
Re: (Score:2)
genius
Re:The way it works though, via Word docs? (Score:5, Informative)
Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick"..........
Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that the company I work in (multinational retailer, I work in their head office) nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher.
Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its delivery mechanism is "2nd rate", imo @ least.
Actually, I would disagree with that. Just because there are nicer ways to do it, doesn't mean that you need to use them. If you can send a single .doc attachment to a user within an organisation to get into it, why isn't that a perfect way to do it? There isn't anything wrong with spearphishing. To use the car analogy, if you want to get to your letterbox, there isn't any point in driving a supercar to get to it - just walk from the front door.
Re: (Score:2)
However in this application it serves its purpose, obfuscation, hiding criminally professionally paranoid uses of the stuxnet virus past, present and very likely future or at the least future discoveries. Likely some supposed pretend allies have been stuck with variants of the stuxnet virus and the original perpetrators are trying to hide their digital stab in the back of their would be partners.
Re: (Score:3)
Well, then it's sort of your "civic responsibility" to EDUCATE said "chumps/noobs" vs. this type of threat.
I agree and I try to educate as many people as I can on as much as I can and hope that the majority of /. users would, but most of my time is spent teaching people to run analysis, or how to write some basic SQL so that our IT folks aren't being constantly hounded by ad-hoc requests, but most of all I try to teach people to think for themselves and look at a business from a scientific approach. That said, our business has over 4,000 employees just at head office and a further 200,000 throughout the business,
Re: (Score:3)
Oops. Looks like 4Chan is down again.
Re:The way it works though, via Word docs? (Score:4, Funny)
Am I the only one who reads apk's comments in the voice of an insurance or used car salesman?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
apk- the most interesting thing to happen in slashdot since 2003.
is apk a group or one individual though?
Duqu doesn't work that way. (Score:2, Insightful)
This is not a Word macro. It's not even a Word bug. It's a font rendering bug IN THE KERNEL that can be triggered by anything that lets you embed a custom font. Web pages can contain custom fonts. PDF files can contain custom fonts.
Oh, they also have a properly signed driver, and they disable antivirus/antimalware.
Re: (Score:1)
YES - That stalls it dead, & iirc, it's been PATCHED already as of last Tuesday's "MS Patch Tuesday", every 2nd tuesday of the month...
no, it has not ... they released a "temporary fix" (besides it was qualified as a "workaround", not sure whether it means "a fix that will last a few days before we need another one" or not), but not in time to be included in November's "ms patch Tuesday". Guess it will be for next month ...
P.S.=> How is it working then, if it is NOT exploiting using macros? Wouldn't matter though - the patch via FIX IT exists, and again - I do believe it's been patched LAST WEEK in fact, per MS "patch tuesday" that just passed
no, it has not, do your homework
Besides, if it is not too much to ask, could you STOP SCREAMING (please ?)
Re: (Score:2, Informative)
No it has not been patched in last Tuesday's "MS Patch Tuesday" (although a temporary fix indeed exists, which I didn't deny in any way, on the contrary), you might want to check that before SCREAMING it to the world. As for the macro thing, I've read (and apparently many others that answered to you) that it's a problem with the TrueType font parsing engine (which you would have read too if you had done your homework ages ago, that is some googling on microsoft's
Re: (Score:1)
I never said you were lying or anything like it I just pointed that your "belief"/"iirc" was wrong. Which it is. Don't feel insulted or trolled, I'm not insulting/trolling you, I'm just stating a fact.
Also I never denied that you figured out an easy way to remove this rootkit and others. Again I don't know where you read in my post that I implied so
besides, since it seems that you're a bit too young to know that, "screaming" here actually means
Re: (Score:2)
Re: (Score:2)
Really? I haven't noticed a problem on Lion or Mint
Re: (Score:1)
I never understood why old people gave up on the desire to change things for the better. While I still think this is generally true the 12 year old here makes something clear. You can't win every argument alone with an abundance of facts. Clear and concise wins every time if you are going to convince others they or some other party is wrong. I question the value or significance of hosts files in any serious way when used large scale. As a minority user they can have a positive impact on your browsing experi
Re: (Score:2)
Re: (Score:2)
Someone learnt how to use bold on slashdot, want a medal or something?
Re: (Score:1)
You're MORE than welcome to disprove the data in my init. post here http://it.slashdot.org/comments.pl?sid=2523490&cid=38045322 [slashdot.org] and GOOD LUCK (you WILL need it, along with contrary facts supporting you vs. the facts & data I posted there...).
Oh no. My wall of text comment was of two purposes. One to point out that you posted a giant wall of text. I was mocking your format not the content. I didn't bother to read it. Second point was to see if I could look more inane than you. I don't think I did.
Also, how in the world did you come up with all that text in 15 minutes?! I am astounded, alarmed and slightly impressed. I didn't read it or anything but that is a long chunk of text!