Stuxnet, Duqu, Flame, and Gauss.

Stuxnet, Duqu, Flame, and now, Gauss. These four pieces of malware are some of the most dangerous out there. They are all coded fairly similarly, which brings up the question: are they coded by the same person? We can’t really know for sure, but I believe that the answer is yes and no.

As you may be aware, some time ago, HBGary Federal was experimenting with Stuxnet decompiles, and was suspected of planning to use it for their own purposes. The hacker group Anonymous intercepted multiple emails and compromised one of their servers to find that they had most of the Stuxnet source code. Anonymous then released this source to the public. A while after this, we see Duqu appear. While Duqu is very similar to Stuxnet, it is still quite different. This leads us to believe that while it was based on the source of Stuxnet, the version released by Anonymous, it was coded, or modified, by someone else.

After that, we encounter Flame. This malware is very different, although many of its features are quite similar. Many thought Flame was an attack by a government, possibly the US. There is little to no evidence to support this, although it is entirely possible. This malware was also derived from the Stuxnet source, although it was modified a great deal more than Duqu. So, once again, this is most likely from another coder entirely.

Now, a newer malware was detected, and named “Gauss”. While much of this malware is still unknown, as its main payload is fairly heavily encrypted, it seems to fall in with Stuxnet, Duqu, Flame, etc. There are also some who think this is another governmental espionage virus. While I do not know much about this malware, it does seem likely that governments are relying heavily on things like malware for infosec and things of that nature. Things like Flame could even be used to shut down power grids, take over full control of a network, etc., which could be extremely useful.

As soon as I learn more about Gauss, or the relationship between all these trojans/malware, I will let you know.

More on Gauss

Stuxnet source



Which Anti-Virus software should you use?

Many people have Anti-Virus software, but is it the best one? I usually don’t recommend getting an Anti-Virus/firewall bundle, as one company makes a better firewall, while another makes a better Anti-Virus. In this post, I will tell you which Anti-Virus/firewall software I recommend, and which ones to avoid.

Let’s start with free options. There are quite a few free Anti-Virus options out there, but most only work for a limited time, or have limited functionality. If you really don’t want to spend money on this, then I recommend Malwarebytes Anti-Malware. I have used this, and so have many of my friends and family, and it works great. It is perfect for a short-term solution while you try to figure out what software to purchase. This is both a firewall and an Anti-Virus. The ones I recommend you avoid are Avast and AVG, both free and premium versions. These are considered a joke by the very people who code and spread malware. This is nothing personal, they just are not that great. A good free firewall is Comodo. Combining these two is a fairly decent security solution. Now onto a great paid solution.

My favorite and, I think, best Anti-Virus is ESET’s Nod32. It is one of the most up-to-date and fastest-updating firewalls out there. This is the Anti-Virus that I use, and have for a while. I recommend that you stay away from Norton products; the source of these has been leaked to the public, making it much easier for malware authors to avoid or bypass it. For a firewall, I recommend Kaspersky. It is one of the more “feared” firewalls for hackers and malware authors. These two together should be good enough to stop most attempted attacks. Always remember though, even the NSA gets hacked, so if you’re not careful, you can be another victim of a yet unknown zero day. So be sure to stay safe online.


Which Anti-Virus and/or Firewall software do you prefer and why?