The Anatomy of Stuxnet's Code

Posted 6 years, 1 month ago in #Misc #Coding #Security #Virus


Wired on Stuxnet and the people who analyzed and decoded the virus. The article is very long, but extremely exciting; it reads like a high-tech thriller.

When you’ve seen as many viruses and worms as O Murchu has, you can glance at a piece of malware and know instantly what it does — this one is a keystroke logger, that one is a banking Trojan — and whether it was slapped together sloppily, or carefully crafted and organized. Stuxnet was the latter. It contained multiple components, all compartmentalized into different locations to make it easy to swap out functions and modify the malware as needed.

What most stood out, though, was the way the malware hid those functions. Normally, Windows functions are loaded as needed from a DLL file stored on the hard drive. Doing the same with malicious files, however, would be a giveaway to antivirus software. Instead, Stuxnet stored its decrypted malicious DLL file only in memory as a kind of virtual file with a specially crafted name.

It then reprogrammed the Windows API — the interface between the operating system and the programs that run on top of it — so that every time a program tried to load a function from a library with that specially crafted name, it would pull it from memory instead of the hard drive. Stuxnet was essentially creating an entirely new breed of ghost file that would not be stored on the hard drive at all, and hence would be almost impossible to find.

O Murchu had never seen this technique in all his years of analyzing malware.

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History (Thanks Robert!)
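Seen from the defender's side, a library that lives only in memory shows up as a loaded module with no file behind it. The following Python is an added example, not code from the Wired article or from this post; it assumes a per-process module listing has already been collected (constructed here in a temporary directory) and flags entries whose claimed backing file is missing or whose on-disk size does not match the mapped image.

```python
import os
import tempfile
from dataclasses import dataclass


# Hypothetical record shape: one entry per module a process reports as
# loaded, as a memory-forensics tool would list it (constructed here, not
# any real tool's output format).
@dataclass
class LoadedModule:
    process: str
    name: str        # name the process loaded the library under
    path: str        # path the loader claims backs the image
    image_size: int  # size of the mapped image in memory


def suspicious_modules(modules, exists=os.path.exists, size=os.path.getsize):
    """Flag modules whose backing file is absent from disk or whose on-disk
    size differs from the mapped image. Both are what a DLL that exists only
    in memory looks like from the outside. Real tooling compares against the
    PE header's SizeOfImage; the plain file-size check is a simplification."""
    findings = []
    for m in modules:
        if not exists(m.path):
            findings.append((m.process, m.name, "no backing file on disk"))
        elif size(m.path) != m.image_size:
            findings.append((m.process, m.name, "on-disk size differs from mapped image"))
    return findings


def demo():
    # Constructed sample: two real files on disk plus one module whose path
    # points nowhere, standing in for a memory-only library.
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "kernel32.dll")
        with open(good, "wb") as f:
            f.write(b"\x00" * 4096)
        tampered = os.path.join(d, "user32.dll")
        with open(tampered, "wb") as f:
            f.write(b"\x00" * 1024)
        modules = [
            LoadedModule("services.exe", "kernel32.dll", good, 4096),
            LoadedModule("services.exe", "user32.dll", tampered, 2048),
            LoadedModule("services.exe", "ghost.dll", os.path.join(d, "ghost.dll"), 8192),
        ]
        return suspicious_modules(modules)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```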
