Flame authors order infected computers to remove all traces of the malware

posted on Jun, 8 2012 @ 08:18 PM


"It locates every [Flame] file on disk, removes it, and subsequently overwrites the disk with random characters to prevent anyone from obtaining information about the infection," the Symantec researchers said. "This component contains a routine to generate random characters to use in the overwriting operation. It tries to leave no traces of the infection behind."


Reads to me as though it morphed. With a flame will come smoke.

Yes batman and the smokescreen.

BAMN! BOOM! KAPOW!

Now that is world class. Shrouded in the data cloud. Amidst adumbration.




reply to post by Maxmars
 


Do you mean to say. There might be singularity out there in the internetzwebzworldz. Learning growing becoming. I can dig it.



posted on Jun, 8 2012 @ 09:43 PM
reply to post by emberscott
 


I like the way you think!

It's probably just an "out there" notion... I have lots of those.


When "Smoke" surfaces... you can sell books about your psychic ability....
edit on 8-6-2012 by Maxmars because: (no reason given)



posted on Jun, 8 2012 @ 11:43 PM

Originally posted by Maxmars
is it not possible that these packages are in fact machine "AI"-generated?

Anybody know anything about meta-programming decision-making code?


I wrote a thread on this subject a few months ago, I suspect you will find it interesting:

Self-Learning Virus (evolutionary algorithms)

I wanted to know if any hackers had already implemented my idea before I wrote that thread, and my research indicated to me that there has never been a self-learning virus (although I could be wrong, I didn't do excessive research). The most advanced viruses/worms that I could find used two interesting techniques (often at the same time). These techniques were self-modifying code and polymorphic code.

Self-modifying code is code that alters its own instructions while it is executing, and polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. So put into simpler terms, self-modifying code can actually change the instructions of its own code as it is executing, whereas polymorphic code simply changes the way the instructions are written, but the instructions are still the same.

These methods are useful to virus makers because when you change the code, virus scanners have a harder time detecting the code, especially when the code can change on the fly. These methods can also help to produce obfuscated code (code which is hard to read), because you can't easily determine the function of the code when the instructions undergo polymorphic mutations and self-modifications before producing the final instructions.

The thing about these viruses however, is that they are "finite", in the sense there are only so many possible ways the instructions can be expressed and so many possible ways the code can be self-modified. In a truly self-learning virus the modifications would be dynamic and the code would change in an infinite number of ways. A self-learning virus would use evolutionary principles to produce unpredictable solutions to any given problem.

As far as I know there is no virus which actually adapts and changes by itself to work around unexpected problems, they all rely on the developers to create modules/components which the viruses must use to perform tasks they weren't programmed to perform (such as the deletion module for flame). A self-learning virus would develop its own code for solving problems without needing a developer to maintain it. IMO the future of viruses will be self-learning viruses.
edit on 9-6-2012 by ChaoticOrder because: (no reason given)



posted on Jun, 9 2012 @ 04:50 AM
This code is much more advanced than anything that has come before it. That in itself is interesting, but this is over the top for the scammers who usually make malware. This was not something written by one person, which isn't unusual, since much of the newer types of dirty programs have multiple authors...but this is different in its complexity, and would have taken a brilliant team of people to create. And when you ask yourself what exactly was this designed to perform, it is obvious that this was created by a professional group...Maybe even a government team.

I mean this has a lot of work in it. Someone just doesn't decide to put together at least a few brilliant people to create something like this if they were not planning on it doing something that was going to make it worth their time and effort. And the way this thing erases itself, by actually writing a random string of characters where any imprint of information would remain, tells me that not only did they not want to get caught, they couldn't get caught. I say this because this is above and beyond what is necessary if other precautions were taken.

Usually when something similar to this is created, there are certain methods utilized that trace back to someone else instead of you. I have a feeling that whoever created this was simply issuing all commands from their own network directly to the web, which is what I would expect from a government agency, since they don't have to worry about getting caught hacking or breaking any computer laws. Anyone else who is capable of creating and spreading something like this has no qualms about doing things illegitimately...at least from my point of view. Well, those are the reasons that make me personally believe this is a government created bug.

If I had to guess, there are only a handful of countries that would have done something like this...USA, China, Israel, Iran...Just a guess though. The only thing I really know for sure is that it wasn't the Swiss...lol. Maybe I'm wrong in understanding how this thing works and how the creators spread it and communicated with it during that time...it is entirely possible, lol.



posted on Jun, 9 2012 @ 11:50 PM
reply to post by Maxmars
 


Just an update to Mr. Phelps Mission Impossible tape self destructing!



posted on Jun, 10 2012 @ 02:30 AM

Flame authors order infected computers to remove all traces of the malware



Too late, the genie is out of the bottle. Researchers already have copies of this malware so this isn't going to stop anyone from further deconstructing and analyzing it.



posted on Jun, 10 2012 @ 03:39 AM
reply to post by SyphonX
 


I would never use AV software that I didn't write myself. Being the updates couldn't be done by a single person, it's pointless to try. Besides, I can't write such software.


The point is, I still think such software is nearly useless. It doesn't protect against everything. I have had computer issues while using AV, and I was not "protected" somehow.

Never trust anyone writing any computer software really, unless it's open source, but AV often hogs resources and nags you. No thanks. I'll "take the risk."

I have never gotten a virus while not using AV. I have had "issues" that went away. (Suspicious issues.) Way to protect yourself? Don't visit weird porn sites. Don't download from iffy websites. It's that easy. I realize there are risks and people can say how they got infected even with it. Well, I guess I'm just lucky. If someone wants something on your computer, there are ways to get it without hacking your computer, such as if you send the file. I suspect NSA and the rest have sophisticated methods to get into machines as well, that standard users would be easy targets of.

My advice is...if you want to be safe, don't even speak it out loud. If you want to be paranoid safe, don't even think it!

edit on 10-6-2012 by daynight42 because: (no reason given)



posted on Jun, 10 2012 @ 06:50 AM
reply to post by yizzel
 



Too late, the genie is out of the bottle. Researchers already have copies of this malware so this isn't going to stop anyone from further deconstructing and analyzing it.

Exactly... I don't even see a logical reason why they would code an advanced self-deletion module when the virus already has code to delete itself. People already have the code, it's also probably in the public domain already (haven't checked though). It seems odd to me that they would do this for no apparent reason... there must be some sort of method to their madness though. I just don't know what that method is...



posted on Jun, 10 2012 @ 10:44 AM
reply to post by ChaoticOrder
 


Well it could be that the suicide module was designed to do more than just uninstall itself, e.g. leaving backdoors behind for future re-infections etc, maybe?

Whatever the reason, it was obviously important enough to send a new self-removal module rather than triggering the suicide code.



posted on Jun, 11 2012 @ 09:54 AM

Originally posted by Maxmars
reply to post by emberscott
 


I like the way you think!

It's probably just an "out there" notion... I have lots of those.


When "Smoke" surfaces... you can sell books about your psychic ability....
edit on 8-6-2012 by Maxmars because: (no reason given)


And who is to say that the ubiquitous and unavoidable ghost in the machine isn't a virus-propagating form of AI? They call it the ghost in the machine for a reason.



posted on Jun, 11 2012 @ 12:34 PM
reply to post by yizzel
 


They sent in a new module to zero out the data. When they delete data from a hard drive it does not delete the data, only the little tag that says here it is. Sort of like if I take down a street sign that says what road or data highway you are on. I did not delete the street itself. Zeroing out the data means the sign is taken down and the road itself is covered over to make it go completely away. TinyOS self-deletes itself if it gets no commands within a certain amount of time. But that would not zero itself out. Just delete the tags and eventually would be covered over with new data because of no tags. The new module is trying to hide all evidence. And I would say that would mean it has been more widely used than anybody has said so far. Probably the reason they kidnapped Kaspersky's kid when he originally found it. He never said anything about Flame or Duqu even though he found Stuxnet. I say they told him to back off and cover it up.
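
The difference described in the post above, between removing a file's table entry and overwriting its data, shown from the forensic side as an added example (not part of the original post and not Flame code). The `ToyDisk` model, its `carve` search and the sample file contents are all constructed for illustration.

```python
import os

BLOCK = 16  # toy block size in bytes (constructed, not a real filesystem)

class ToyDisk:
    """Minimal model: raw blocks plus a name -> block-list table (the "street signs")."""
    def __init__(self, nblocks=32):
        self.raw = bytearray(nblocks * BLOCK)
        self.table = {}
        self.free = list(range(nblocks))

    def write(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            blocks.append(b)
        self.table[name] = blocks

    def delete(self, name):
        # Ordinary delete: drop the table entry, leave the block contents alone.
        self.free.extend(self.table.pop(name))

    def wipe(self, name):
        # Overwrite every block with random bytes first, then drop the entry.
        for b in self.table[name]:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)

    def carve(self, marker):
        # Forensic view: search unallocated blocks for a known byte pattern.
        allocated = {b for blocks in self.table.values() for b in blocks}
        return [b for b in range(len(self.raw) // BLOCK)
                if b not in allocated
                and marker in self.raw[b * BLOCK:(b + 1) * BLOCK]]

def demo():
    marker = b"SAMPLE-"  # constructed stand-in for recognisable file content
    results = {}
    for mode in ("delete", "wipe"):
        disk = ToyDisk()
        disk.write("keep.txt", b"unrelated data!!")
        disk.write("gone.bin", (marker + b"x" * 9) * 3)  # exactly 3 blocks
        getattr(disk, mode)("gone.bin")
        results[mode] = disk.carve(marker)
    return results

if __name__ == "__main__":
    print(demo())
```

After a plain delete the carve still finds the content in the freed blocks; after the overwrite there is nothing left to recover from those blocks, which is why an examiner has to rely on other artifacts in that case.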



posted on Jun, 21 2012 @ 11:59 PM
reply to post by JBA2848
 


Ahh, zeroing out the data, yep that makes sense. Although they should have thought of that when they created the original suicide module.



