[EP_X0FF]

Hello,

welcome back.

What do you expect from this malware driver agent?

If someone supplies me with the Full install, i'll test it against my Security software ;) And post the results :)

TIA

[CloneRanger]

@ EP_X0FF

Hi, Thanks :)

As it's "supposed" to be a KeyLogger, amongst other things, i was hoping to discover how successful, or not, .GOV etc malware actually is ;) By seeing how several dedicated AntiKL's etc respond, or not, to it !

Im not aware of Anybody else Anywhere who has publically tested it this way, so i'd like to test it & publish the results.

A - It would be very revealing to see how desktop Antis deal with it, or not.

B - We would find out if .GOV malware/spyware is effective, or not, against such software & setups.

Regards

[kmd]

heh, who told u this is gov malware? av?
they loves fairy tales, take stuxnet as example

[rkhunter]

Do you think that Stuxnet not developed with help of government? The facts indicate the opposite.

[522586971]

Hi,
zhengWenbin in 360.cn said this appears in China in 15th,June.
and the dropper did not use 0day(that means he has the dropper)

But i do not known if he or 360.cn would like to share the sample or md5.


http://bbs.kafan.cn/thread-1111665-1-1.html

[rkhunter]

F-Secure http://www.f-secure.com/v-descs/backdoor_w32_duqu.shtml
Websebse http://community.websense.com/blogs/sec ... t-2-0.aspx
TrendMicro http://blog.trendmicro.com/keeping-tabs ... t-stuxnet/
Kaspersky http://www.securelist.com/en/blog/20819 ... u_Part_One
Avira http://techblog.avira.com/2011/10/21/st ... trduqu/en/
Norman http://blogs.norman.com/2011/security-e ... uxnet-lite

[rkhunter]

First was mentioned in boldi.phishing.hu at 8 Sept (jminet7.sys) http://webcache.googleusercontent.com/s ... clnk&gl=it by hungarian reseacher http://www.crysys.hu/members/bbencsath/ ... h-bio.html.

[522586971]

To frank_boldewin:
I don't have the permission to reply your PM so I post the reply here:
I am not working for securiry-related organizasion so I cannot ask them for virus a sample. :)

[rkhunter]

W32.Duqu was first brought to our attention by a research lab who had been investigating a targeted attack on another organization. This research was conducted by the Laboratory of Cryptography and System Security (CrySyS) in the Department of Telecommunications, Budapest University of Technology and Economics. CrySyS identified the infection and observed its similarity to W32.Stuxnet. They stated that no data was leaked as part of this attack.

http://www.symantec.com/connect/blogs/d ... s-update-1

[kmd]

Do you think that Stuxnet not developed with help of government? The facts indicate the opposite.

no i think u got me wrong
i'm not telling about nature of stuxnet, i'm telling this threat meaning is obviously overestimated
same here. millions of infected users? no, tdl - yes. any trouble with removal or detection? no/no. tdl - yes/yes. well advertised and pr-ed in blogs? yes. tdl -no.
perfectly fits paranoids needs? yes. tdl - no.