Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Flame | sKyWIper - 'the son of stuxnet' -

Fabio Pietrosanti (naif) lists at
Tue May 29 06:49:56 PDT 2012

Imho it does not have anything in common with stuxnet.

That's a "poor's man malware".

There just a lot of hype by the AV Vendors and CERTs to claim big
discovery and get new budget to "fight cyberwar"!

All news and reports try to make "comparison" with Stuxnet.

There is "NO RELATIONSHIP AT ALL" with stuxnet other than the marketing
intent of the media / malware analysis producer to increase the
media-coverage of their work.

Some consideration about previous statement and about the FUD intent of
most researchers/journalists:

- It does not attack PLC and/or any kind of industrial system (Stuxnet does)

- It's a fat binary (20MB of trojan it's not stealth)

- It's probably quickly coded (the fact of bundling LUA interpreter tell
us that the coder it's lazy and wanted to produce quickly usable code)

- It store all it's data in plan-text, standard SQLite3 database with no
protection / stealthness

- It does not do encryption (only "xor" even if people like to describe
like if it use "encryption").

- It does not have hidden/stealth startup method (known and already
used/detected startup methods)

So, imho it's just a big media hype over a not particularly advanced and
badly designed malware.


On 5/29/12 3:29 PM, Niels ten Oever wrote:
> Dear all,
> I would be very interested in your further analysis on the new cyber
> espionage software which has been identified as the next generation of
> Stuxnet which has been named Flame and/or sKyWIper - the son of stuxnet.
> Further reading here: and
> here:
> Looking forward for further discussion at the Human Rights Con and on
> the mailinglist.
> Cheers,
> Niels
> @conflictmedia
> Niels ten Oever
> Programme Coordinator
> S: nielstenoever
> E: tenoever at
> T: +31 356254309
> M: +31 613846622
> A digital signature can be attached to this e-mail,
> you need openPGP software to verify it. See:
> Key fingerprint = 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9

More information about the liberationtech mailing list