06.14.12
US virus declared lame. Or not.
EDITED AND ABETTED A FEW TIMES
Mikko Hypponen of F-Secure does a takedown of the Flame virus here.
It’s not really a takedown although the introduction is, as a teaser. The post is a good brief summary and discussion list of escalating technical points — follow the links — leading to the conclusion that, hmm, Flame was really not so lame, the opposite of the post title. (This is called burying the lede.)
When the Flame malware was found two weeks ago, it was characterized as ‘Highly advanced’, ‘Supermalware’ and ‘The biggest malware in history’.
These comments were immediately met with ridicule from experts who were quick to point out that there was nothing particularly new or interesting in Flame.
In fact, the only unique thing in Flame seemed to be its large size. Even that was not too exciting …
Recommended. You have to read all of it. Helps if you have some familiarity with the subject, too. (Of course, this is likely all wasted on a standard audience which, largely, has very little idea about what’s under the hood in malware.)
Discussions on the technical merits of viruses, or the lack of them, have been around as long as the anti-virus industry. Beauty varies depending on the vantage point and the eye of the beholder.
New viruses have always been described as super when first discovered, particularly if they become a handle to great publicity.
As the news piles higher, so does their alleged superior technical quality.
Indeed, this is what the news media loves to hear. It makes the story all the more urgent and exciting. The hearts of editors and journalists swell for they are the ones getting the message out on the newest thing to turn the world upside down.
Until the next virus.
A bit from The Virus Creation Labs, in 1994:
The Cryptic Morgue underground bulletin board system had a copy of the Mutation Engine which Newsweek reporters had mentioned in hysterical tones on March 6, the day of the Michelangelo virus’s activation in 1992. That virus had turned out to be something of a bust but, “beware the next round of computer viruses!” wrote the reporters.
I thought this was rather amusing. High school kids running a bulletin board system from their bedroom in Texas had access to “the scariest new virus … the Mutation Engine,” but Newsweek’s information gatherers didn’t. They’d just heard about it.
And the Mutation Engine wasn’t a virus. The Mutation Engine, or MtE for short, was a segment of code which provided any computer virus that used it with variable encryption, but only theoretically.
In practice the MtE was too difficult to use although the idea for its type of viral masking proliferated around the world.
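The mechanism the book is describing, variable encryption of a constant virus body so that no fixed byte string survives from one copy to the next, is easy to model, and so is the reason the anti-virus vendors could “crack” an engine of that kind quickly. The following is an added illustration, not code from the post or from The Virus Creation Labs and not MtE itself: the constant body is a harmless text string, and the hypothetical “engine” is a one-byte header holding a freshly chosen XOR key followed by the body XORed with that key. Real MtE decryptors were generated machine code that varied far more than a single key byte, and scanners had to recognise or emulate them; the header byte here stands in for the decryptor stub a scanner learns to parse.

```python
"""Toy model of 'variable encryption' and why plain byte signatures fail.

Constructed illustration (not MtE code): the constant body is a harmless
text string, and the hypothetical 'engine' wraps it with a one-byte header
holding a freshly chosen XOR key, then XORs every body byte with that key.
"""
import random

BODY = b"CONSTANT BODY: constructed sample text, not real code"
SIGNATURE = b"CONSTANT BODY"  # fixed byte string a naive scanner looks for


def variable_encrypt(body: bytes, key: int) -> bytes:
    """Produce one variant: [key byte][body XOR key].

    Key must be 1..255; a zero key would leave the body in the clear.
    """
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255")
    return bytes([key]) + bytes(b ^ key for b in body)


def signature_scan(sample: bytes) -> bool:
    """Naive scanner: look for the fixed signature in the raw bytes.

    Every variant carries the same body, but no two variants share the
    signature bytes, so this misses all of them.
    """
    return SIGNATURE in sample


def engine_aware_scan(sample: bytes) -> bool:
    """Scanner that has 'cracked the engine': parse the stub (here, the
    key byte), undo the encryption, then apply the signature to the
    recovered constant body."""
    if not sample:
        return False
    key = sample[0]
    decrypted = bytes(b ^ key for b in sample[1:])
    return SIGNATURE in decrypted


def brute_force_scan(sample: bytes) -> bool:
    """Fallback when the stub layout is unknown but the cipher family is:
    enumerate every one-byte key and test the signature on each result.
    256 trials is cheap, which is why weak engines were cracked quickly."""
    for key in range(256):
        if SIGNATURE in bytes(b ^ key for b in sample[1:]):
            return True
    return False


def compare_scanners(n_variants: int, seed: int = 1) -> tuple[int, int]:
    """Generate n variants with random keys; return (naive hits, aware hits)."""
    rng = random.Random(seed)
    naive = aware = 0
    for _ in range(n_variants):
        sample = variable_encrypt(BODY, rng.randrange(1, 256))
        naive += signature_scan(sample)
        aware += engine_aware_scan(sample)
    return naive, aware


if __name__ == "__main__":
    print(compare_scanners(20))  # naive scanner misses every variant
```

The point of the example is the asymmetry the book describes: the variation is enough to defeat a scanner that matches raw bytes, but once the engine's output format is understood the scanner undoes the masking and is back to matching a constant body, which is why use of the engine in new viruses became pointless as soon as the vendors had studied it.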
The leading anti-virus vendor McAfee Associates showed the Mutation Engine to Steve Gibson — an excitable writer for the computer magazine Infoworld. He panicked publicly in a May column: “It is clear that the game is forever changed,” he wrote. “The sophistication of the Mutation Engine is amazing and staggering.”
Gibson’s words made great quotes, perfect for anti-virus software releases. Central Point Software used the specter of the Mutation Engine in its direct advertising. Indeed, so did McAfee. Why should they not?
Vince McKiernan, a McAfee Associates vice president claimed, “We expect that the Mutation Engine will increase [the virus] problem exponentially for those with unprotected systems.”
Of course, if you had a copy of SCAN by McAfee it was a different matter.
“Actually, we cracked this engine some months ago and have been shipping product capable of detecting the Mutation Engine since March.”
As trade for access to virus bulletin board systems I wrote two variant viruses using the Mutation Engine. One was called CryptLab — which eventually was mentioned very briefly in a book called Approaching Zero, and one called Insufficient Memory which was included in one of the early issues of the e-zine, Crypt Newsletter.
They were used as barter for access to virus libraries. As actual spreading examples, Mutation Engine viruses weren’t successful. Jacking the code into new viruses was just too clumsy a task.
Because anti-virus companies used it as publicity, they had effective cures for it relatively quickly. That made use of it in new viruses pointless.
However, the technology it exploited was not pointless. In varying ways, it became widespread in computer virus programming.
How would one rate that? Superior? Sophisticated? Ahead of its time? Or just another thing to be summarily dealt with? It all depended on your outlook.