
Sober Worm Update system cracked

One of the nastiest/coolest (note: I am both a fan of the coding techniques used by some virus writers, and loathe virus writers' results at the same time) things about the Sober worm is the way it updates itself.

On the face of it, updates can be stopped by looking at the program and seeing where it grabs the updates from, be it IRC or HTTP or anything else. The problem with Sober is that the sites updates are downloaded from are varied using crypto technology.

It seems F-Secure cracked this system in May, and have only now informed the world of this, presumably so that evidence could be gathered against the author, or something similar.

frak


