A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13627  by rkhunter
 Sat Jun 02, 2012 4:15 am
EP_X0FF wrote: When did this guy turn into a little girl full of hysterics? Is it a global trend out there?
So, what do you want from the man who published links to SpyEye manuals on Twitter as if it were a PR campaign? This is incurable already...
 #13632  by rkhunter
 Sat Jun 02, 2012 7:04 am
Just removing mssecmgr.ocx from Authentication Packages -> HKLM\SYSTEM\CurrentControlSet\Control\Lsa solves all your problems with Flame...
but, of course, "we issued a special tool for this" [this is sarcasm].
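The registry location named in the post is the LSA "Authentication Packages" multi-string value: LSASS loads every module listed there at boot, which is what made it a persistence point for Flame. The script below is an added example (not code from the thread, nor any vendor's removal tool) that audits that value against an assumed baseline of `msv1_0`, the only entry on a stock install, reports anything else together with the file it resolves to and its Authenticode status, and, only when run with `-Remove`, rewrites the value with the allowlisted entries. The script name `Audit-AuthPackages.ps1` is hypothetical.

```powershell
# Added example, not code from the thread: audit and (optionally) clean the
# LSA "Authentication Packages" value. LSASS loads every module listed here at
# boot, which is why Flame registered mssecmgr.ocx in it (see the post above).
# Run from an elevated PowerShell; without -Remove the script only reports.
param(
    [switch]$Remove
)

$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'Authentication Packages'
# Assumed baseline: msv1_0 is the only entry on a stock Windows install.
# Extend it with packages you know you deployed (e.g. a third-party SSO DLL).
$Allowed   = @('msv1_0')

function Get-AuthPackages {
    # REG_MULTI_SZ comes back as string[]; wrap in @() in case it is a single string
    $v = (Get-ItemProperty -Path $LsaKey -Name $ValueName).$ValueName
    return @($v)
}

function Resolve-PackageFile([string]$Entry) {
    # Entries are module names relative to System32; the extension may be
    # omitted (msv1_0 -> msv1_0.dll) or explicit (mssecmgr.ocx).
    $sys32 = Join-Path $env:SystemRoot 'System32'
    foreach ($cand in @($Entry, "$Entry.dll")) {
        $p = Join-Path $sys32 $cand
        if (Test-Path -LiteralPath $p) { return $p }
    }
    return $null
}

$current = Get-AuthPackages
$suspect = @()
foreach ($entry in $current) {
    if ($Allowed -contains $entry) {
        Write-Host "OK        $entry"
        continue
    }
    $file = Resolve-PackageFile $entry
    if ($file) {
        # Signature status is informational only; a signed file is not proof of legitimacy
        $sig = Get-AuthenticodeSignature -FilePath $file
        Write-Host ("SUSPECT   {0}  ->  {1}  [signature: {2}]" -f $entry, $file, $sig.Status)
    } else {
        # Listed but no file on disk: still remove it, LSASS will keep trying to load it
        Write-Host "SUSPECT   $entry  ->  (file not found in System32)"
    }
    $suspect += $entry
}

if ($suspect.Count -eq 0) {
    Write-Host "No unexpected authentication packages."
    return
}

if ($Remove) {
    # Keep only allowlisted entries, and always preserve msv1_0 so logon keeps working.
    $keep = @($current | Where-Object { $Allowed -contains $_ })
    if (-not ($keep -contains 'msv1_0')) { $keep += 'msv1_0' }
    Set-ItemProperty -Path $LsaKey -Name $ValueName -Value ([string[]]$keep) -Type MultiString
    Write-Host ("Removed: {0}. Reboot so LSASS stops hosting the module." -f ($suspect -join ', '))
} else {
    Write-Host "Re-run with -Remove to strip the suspect entries (reboot afterwards)."
}
```

Run it as `.\Audit-AuthPackages.ps1` first to see what is listed, then with `-Remove` once you have confirmed the flagged entries are not something you installed yourself. The registry edit only stops the module from being loaded at the next boot; the file itself, and whatever else the sample dropped, still has to be dealt with separately, which is the part a removal tool automates.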
 #13637  by 360Tencent
 Sat Jun 02, 2012 12:43 pm
another interesting statement~

http://www.f-secure.com/weblog/archives/00002376.html
When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed.
;)
What this means is that all of us had missed detecting this malware for two years, or more. That’s a failure for our company, and for the antivirus industry in general.
It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons.
 #13641  by R136a1
 Sat Jun 02, 2012 6:17 pm
EP_X0FF wrote: I seem to have missed something in the time perspective. When did this guy turn into a little girl full of hysterics? Is it a global trend out there?
...
So I have some advice for the author: how about starting to do better right now by no longer publishing such idiotic summaries? :)
It is ridiculous how Mr. Hypponen takes advantage of the Flamer hype to gain some media attention. His company had nothing to do with the detection or analysis of the threat. Now he wants to take advantage of their failure by advertising himself and his company with expendable statements.
Sad, since I liked this guy, but he has entered clownery status, just like their blog, which once was interesting to follow.
 #13642  by rkhunter
 Sat Jun 02, 2012 6:19 pm
R136a1 wrote:
EP_X0FF wrote: I seem to have missed something in the time perspective. When did this guy turn into a little girl full of hysterics? Is it a global trend out there?
...
So I have some advice for the author: how about starting to do better right now by no longer publishing such idiotic summaries? :)
It is ridiculous how Mr. Hypponen takes advantage of the Flamer hype to gain some media attention. His company had nothing to do with the detection or analysis of the threat. Now he wants to take advantage of their failure by advertising himself and his company with expendable statements.
Sad, since I liked this guy, but he has entered clownery status, just like their blog, which once was interesting to follow.
You're right, something happened to him, at least since last year...
 #13660  by kareldjag/michk
 Sun Jun 03, 2012 7:39 am
The Iranian CERT has also released a cure (click on the Flame link to download) http://www.certcc.ir/index.php?name=new ... e&sid=1900
Available here too: http://i.haymarket.net.au/News/Remover.rar
Detected as risky by AVs (bravo) https://www.virustotal.com/file/1376aea ... /analysis/
Also a tool on the Hexacorn forensic blog http://www.hexacorn.com/blog/2012/05/31 ... err-flame/

With the rise of attacks targeting critical infrastructure, maybe this is an opportunity for the AV industry to design antivirus for SCADA systems, and in the near future for Nespresso machines... what else...
http://www.tofinosecurity.com/blog/flam ... re-impacts
http://www.infosec.gov.hk/english/promo ... 318_01.pdf
http://www.us-cert.gov/control_systems/ ... pr2012.pdf
These are not hermetic systems... one can look for information-gathering targets with a specialized search engine like Shodan
http://www.shodanhq.com/search?q=scada http://www.shodanhq.com/search?q=siemens
http://www.shodanhq.com/search?q=emerson http://www.shodanhq.com/search?q=honeywell
http://www.shodanhq.com/search?q=yokogawa
And many more weaknesses in these systems without using the social engineering route like USB devices and co.
Eugene and Mikko and the AV industry have failed by design since the beginning. We know that.

But as for any country - USA, Iran, France, Russia and others - how can a critical system not apply the ABC of intrusion detection, "what cannot be detected should be prevented, what cannot be prevented should be detected"?

Rgds