Search Mailing List Archives
[liberationtech] Flame | sKyWIper - 'the son of stuxnet' -
susannef at iwpr.net
Tue May 29 15:12:09 PDT 2012
is Wired part of the "media hype"?
They also compare it with Stuxnet. All bullocks?
On 29 May 2012 16:49, Fabio Pietrosanti (naif) <lists at infosecurity.ch>wrote:
> Imho it does not have anything in common with stuxnet.
> That's a "poor's man malware".
> There just a lot of hype by the AV Vendors and CERTs to claim big
> discovery and get new budget to "fight cyberwar"!
> All news and reports try to make "comparison" with Stuxnet.
> There is "NO RELATIONSHIP AT ALL" with stuxnet other than the marketing
> intent of the media / malware analysis producer to increase the
> media-coverage of their work.
> Some consideration about previous statement and about the FUD intent of
> most researchers/journalists:
> - It does not attack PLC and/or any kind of industrial system (Stuxnet
> - It's a fat binary (20MB of trojan it's not stealth)
> - It's probably quickly coded (the fact of bundling LUA interpreter tell
> us that the coder it's lazy and wanted to produce quickly usable code)
> - It store all it's data in plan-text, standard SQLite3 database with no
> protection / stealthness
> - It does not do encryption (only "xor" even if people like to describe
> like if it use "encryption").
> - It does not have hidden/stealth startup method (known and already
> used/detected startup methods)
> So, imho it's just a big media hype over a not particularly advanced and
> badly designed malware.
> On 5/29/12 3:29 PM, Niels ten Oever wrote:
> > Dear all,
> > I would be very interested in your further analysis on the new cyber
> > espionage software which has been identified as the next generation of
> > Stuxnet which has been named Flame and/or sKyWIper - the son of stuxnet.
> > Further reading here: http://www.crysys.hu/skywiper/skywiper.pdf and
> > here:
> > Looking forward for further discussion at the Human Rights Con and on
> > the mailinglist.
> > Cheers,
> > Niels
> > @conflictmedia
> > Niels ten Oever
> > Programme Coordinator
> > S: nielstenoever
> > E: tenoever at freepressunlimited.org
> > T: +31 356254309
> > M: +31 613846622
> > A digital signature can be attached to this e-mail,
> > you need openPGP software to verify it. See: http://is.gd/Y06WEs
> > Key fingerprint = 8D9F C567 BEE4 A431 56C4 678B 08B5 A0F2 636D 68E9
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> Should you need to change your subscription options, please go to:
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> You will need the user name and password you receive from the list
> moderator in monthly reminders. You may ask for a reminder here:
> Should you need immediate assistance, please contact the list moderator.
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Middle East Programme Manager
susannef at iwpr.net
mobile +961 70 211 219
This electronic mail message and any attached files are intended solely for the named recipients and may contain confidential and proprietary business information of the Institute for War & Peace Reporting (IWPR) and its affiliates. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail.
Institute for War & Peace Reporting. 48 Gray's Inn Road, London WC1X 8LT, UK. Registered with charitable status in the United Kingdom (charity reg. no: 1027201, company reg. no: 2744185); the United States under IRS Section 501(c)(3); and The Netherlands as a charitable foundation.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech