Archive for October, 2012

Infamous “OpenSC.WS” is back

It would seem that the infamous “Security research” forum (trojan coding forum) called OpenSC.WS is back up. The admin “reine” claims he was traveling and missed the billing email, and claims that was the reason for this extended down time. There is no word on whether the constant DDOS attacks will continue now that this forum is back up, I suspect it won’t be long before they start up again.

So what does this mean for us, security wise? It means that there will now, once again be more viruses being used in the public. While many of OpenSC‘s users left for other forums, there are still others who waited patiently for it’s return to start selling malware again. While this won’t cause an increase in extremly hazardous malware like FLAME or StuxNet, you can expect to see more RATs (Remote Administration Tools) and small bitcoin mining malware (Bitcoin is an online currency frequently used for illicit business). So I suggest you all set up those anti-virus and firewalls, and tread carefully.

Please let me know if you are interested in a particular topic for my next post
Advertisements

, , , , , , , , , ,

4 Comments

Stuxnet, Duqu, Flame, and Gauss.

Stuxnet, Duqu, Flame, and now, Gauss. These four malwares are some of the most dangerous out there. They are all coded fairly similarly, which brings up the question, are they coded by the same person? We can’t really know for sure, but I believe that the answer is yes and no.

As you may be aware, some time ago, HBGary Federal was experimenting with stuxnet decompiles, and suspected to be planning on using it for their own purposes. The hacker group Anonymous intercepted multiple emails and compromised one of their servers to find that they had most of the stuxnet source code. Anonymous then released this source to the public. A While after this, we see Duqu appear. While Duqu is very similar to Stuxnet, it is still quite different. This leads us to believe that while it was based on the source of Stuxnet, the version released by Anonymous, it was coded, or modified, by someone else.

After that, we encounter Flame. This malware is very different, although many of its features are quite similar. Many thought Flame was an attack by a government, possibly the US. There is little to no evidence to support this, although it is entirely possible. This malware was also derived from the stuxnet source, although it was modified a great deal more than Duqu. So, once again, this is most likely from another coder entirely.

Now, a newer malware was detected, and named “Gauss”.While much of this malware is still unknown  as its main payload is fairly heavily encrypted, it seems to fall in with Stuxnet, Duqu, Flame, etc. There are also some who think this is another governmental espionage virus. While I do not know much about this malware, it does seem likely that governments are relying heavily on things like malware for infosec and things of that nature. Things like Flame could even be used to shut down power grids, take  over full control of a network, etc, which could be extremely useful.

As soon as I learn more about Gauss, or the relationship between all these trojans/malware I will let you know.

More on Gauss
http://www.crysys.hu/
Eset

Stuxnet source
github

Credits
Eset
Crowdleaks

, , , , ,

Leave a comment