The Anatomy of Stuxnet's Code

Posted 5 years, 11 months ago in #Misc #Coding #Security #Virus


Wired on Stuxnet and the people who analyzed and decoded the virus. The article is very long, but extremely gripping; it reads like a high-tech thriller.

When you’ve seen as many viruses and worms as O Murchu has, you can glance at a piece of malware and know instantly what it does — this one is a keystroke logger, that one is a banking Trojan — and whether it was slapped together sloppily, or carefully crafted and organized. Stuxnet was the latter. It contained multiple components, all compartmentalized into different locations to make it easy to swap out functions and modify the malware as needed.

What most stood out, though, was the way the malware hid those functions. Normally, Windows functions are loaded as needed from a DLL file stored on the hard drive. Doing the same with malicious files, however, would be a giveaway to antivirus software. Instead, Stuxnet stored its decrypted malicious DLL file only in memory as a kind of virtual file with a specially crafted name.

It then reprogrammed the Windows API — the interface between the operating system and the programs that run on top of it — so that every time a program tried to load a function from a library with that specially crafted name, it would pull it from memory instead of the hard drive. Stuxnet was essentially creating an entirely new breed of ghost file that would not be stored on the hard drive at all, and hence would be almost impossible to find.

O Murchu had never seen this technique in all his years of analyzing malware.

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History (Thanks, Robert!)
