A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #9330  by EP_X0FF
 Fri Oct 21, 2011 12:49 am
Hello,

welcome back.

What do you expect from this malware driver agent?
CloneRanger wrote:If someone supplies me with the full install, I'll test it against my security software ;) And post the results :)

TIA
 #9331  by CloneRanger
 Fri Oct 21, 2011 2:02 am
@ EP_X0FF

Hi, Thanks :)

As it's "supposed" to be a keylogger, amongst other things, I was hoping to discover how successful, or not, .GOV etc. malware actually is ;) by seeing how several dedicated anti-keyloggers etc. respond, or not, to it!

I'm not aware of anybody else anywhere who has publicly tested it this way, so I'd like to test it & publish the results.

A - It would be very revealing to see how desktop Antis deal with it, or not.

B - We would find out if .GOV malware/spyware is effective, or not, against such software & setups.

Regards
 #9332  by kmd
 Fri Oct 21, 2011 3:29 am
heh, who told you this is gov malware? AV?
they love fairy tales, take Stuxnet as an example
 #9333  by rkhunter
 Fri Oct 21, 2011 6:32 am
Do you think that Stuxnet was not developed with the help of a government? The facts indicate the opposite.
 #9345  by 522586971
 Fri Oct 21, 2011 1:58 pm
To frank_boldewin:
I don't have permission to reply to your PM, so I post the reply here:
I am not working for a security-related organisation, so I cannot ask them for a virus sample. :)
 #9348  by rkhunter
 Fri Oct 21, 2011 5:21 pm
W32.Duqu was first brought to our attention by a research lab who had been investigating a targeted attack on another organization. This research was conducted by the Laboratory of Cryptography and System Security (CrySyS) in the Department of Telecommunications, Budapest University of Technology and Economics. CrySyS identified the infection and observed its similarity to W32.Stuxnet. They stated that no data was leaked as part of this attack.
http://www.symantec.com/connect/blogs/d ... s-update-1
 #9352  by kmd
 Sat Oct 22, 2011 1:30 am
rkhunter wrote:Do you think that Stuxnet was not developed with the help of a government? The facts indicate the opposite.
No, I think you got me wrong.
I'm not talking about the nature of Stuxnet; I'm saying the significance of this threat is obviously overestimated.
Same here. Millions of infected users? No; TDL - yes. Any trouble with removal or detection? No/no; TDL - yes/yes. Well advertised and PR-ed in blogs? Yes; TDL - no.
Perfectly fits paranoids' needs? Yes; TDL - no.