Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to Snowy
Re: Can YOU Crack The Gauss Uber-Virus Encryption?
Nope you prove they don't since it's your game..and I'm not playing that you think they do...you are just grabbing at straw. |
|
Snowy Lock him up!!! Premium Member join:2003-04-05 Kailua, HI |
2012-Aug-16 5:17 pm
said by Name Game: Nope you prove they don't since it's your game..and I'm not playing that you think they do...you are just grabbing at straw.
Have it your way. I've sent this email
Date: Thu, 16 Aug 2012 11:07:17 -1000
"Hello, I've been informed that Panda currently does not offer AV protection to customers in Lebanon or Iran. Is that an accurate statement?"
to customeradvocate-at-pandasecurity.com
I'll post up any/all replies I receive. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Try do they have sales and how many...then ask why they can't or don't id Gauss at this point in time ...you are still on a general fishing expedition trying to twist words in an area you either refuse to understand or just too lazy to read info about Gauss on your own so you can talk your point. |
|
Snowy Lock him up!!! Premium Member join:2003-04-05 Kailua, HI |
2012-Aug-16 5:45 pm
said by Name Game: Try do they have sales and how many...then ask why they can't or don't id Gauss at this point in time ...you are still on a general fishing expedition trying to twist words in an area you either refuse to understand or just too lazy to read info about Gauss on your own so you can talk your point.
hehe, you accuse me of 'grasping at straws, being on fishing expedition etc...' when it's actually you that's looking desperate by asking me to disprove what you're saying is fact. The onus is on the person making the statement to back it up with fact, rather than requiring the person that doubts the factual basis of the original statement to 'disprove' it. That's how adults agree to disagree over a statement.
ps I haven't even received an auto reply from customeradvocate-at-pandasecurity.com but I'll stay on top of it & see this question brought to a factual conclusion & post it up here.
Meanwhile - there's nothing constructive happening here, later. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to FF4m3
The Mystery of the Encrypted Gauss Payload » www.securelist.com/en/bl ··· _Payload |
|
norwegian Premium Member join:2005-02-15 Outback |
In the read, it means a character "~", I thought of file shares but that is "$". Can anyone highlight what the "~" is again, was it deleted files or something similar.....I just can't put my finger on it.
|
|
|
to FF4m3
What makes these researchers think anyone in the world can crack the encryption? If anyone is successful they will surely be famous (and probably win a Fields Medal in mathematics). |
|
|
norwegian Premium Member join:2005-02-15 Outback |
I don't think it is specific to cracking the encryption as such, it is about analysis. They know there is a reference for this packet to %programfiles%, they know the code designated to this references higher than 0x007A. They have tried thousands of program names but with no luck, so they need help and hopefully someone will pick up something simple they have overlooked, or something technical, let's not bash on words. Once they know those specifics the encrypted payload isn't needed to understand targeting.
quote:
1. Make a list of all entries from GetEnvironmentVariableW(Path), split by separator ;
2. Append the list with all entries returned by FindFirstFileW / FindNextFileW by mask %PROGRAMFILES%\*, where cFileName[0] > 0x007A (UNICODE z)
Note: in essence, this means the specific program which is installed in %PROGRAMFILES% has a name which starts either with a special char such as ~, as in our example, or uses an UNICODE special char table, such as Arabic or Hebrew, where all chars are higher than 0x007A.
On a side note SSL for me is broken at the moment, I wonder if it is the A/V cert (turned off), or something else has affected SSL transmissions at present? Oh well off we go, 7 dwarfs in a row. |
|
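The two enumeration steps quoted in the post above, as an added example that is not part of the thread or of the quoted analysis: it builds the same list from a PATH string and a set of %PROGRAMFILES% entry names, comparing the first UTF-16 code unit against 0x007A the way a `cFileName[0]` test on a wide string does. The function names and sample data are hypothetical and constructed, dropping empty PATH entries is an assumption, and the sample goes slightly beyond the quoted note by showing that an accented Latin capital also passes the filter.

```python
import os

THRESHOLD = 0x007A  # UNICODE 'z', the bound in the quoted step 2


def first_utf16_unit(name):
    """First UTF-16 code unit of name, i.e. cFileName[0] of a WCHAR string."""
    raw = name.encode("utf-16-le", "surrogatepass")
    return int.from_bytes(raw[:2], "little")


def matches_filter(name):
    """True when cFileName[0] > 0x007A."""
    return bool(name) and first_utf16_unit(name) > THRESHOLD


def candidate_list(path_value, program_files_names):
    """Quoted steps 1 and 2 in order: PATH entries, then matching names."""
    # Assumption: empty PATH entries (from ';;' or a trailing ';') are dropped.
    entries = [p for p in path_value.split(";") if p]
    entries += [n for n in program_files_names if matches_filter(n)]
    return entries


def scan_local():
    """On a Windows host, return the %PROGRAMFILES% names that pass the filter."""
    root = os.environ.get("PROGRAMFILES")
    if not root or not os.path.isdir(root):
        return []
    return sorted(n for n in os.listdir(root) if matches_filter(n))


# Constructed sample data, not taken from any real system.
SAMPLE_PATH = "C:\\Windows\\system32;C:\\Windows;;C:\\Tools;"
SAMPLE_NAMES = [
    "7-Zip", "Common Files", "zlib",         # first char <= 'z': filtered out
    "~tmpapp", "{guid-dir}",                 # ASCII 0x7E and 0x7B: kept
    "\u0628\u0631\u0646\u0627\u0645\u062c",  # Arabic-script name: kept
    "\u05ea\u05d5\u05db\u05e0\u05d4",        # Hebrew-script name: kept
    "\u00c9diteur",                          # Latin-1 accented capital: also kept
]

if __name__ == "__main__":
    for entry in candidate_list(SAMPLE_PATH, SAMPLE_NAMES):
        print(entry)
    print("local matches:", scan_local())
```

Only four printable ASCII characters sit above `z` (`{`, `|`, `}`, `~`), which is why the quoted note singles out `~` and non-Latin scripts.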
Spy4 Premium Member join:2001-09-22 NE |
2012-Aug-16 9:40 pm
to FF4m3
I would never be able to crack that code in a million years. |
|
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
to FF4m3
Wouldn't it be a trip if the "encrypted payload" turned out to be purely random code and everything else was just a semi-functional fake, designed to merely infect and occupy the attention of everyone while the 'real deal' was off somewhere else, quietly doing its business in some other way...? |
|
Spy4 Premium Member join:2001-09-22 NE |
2012-Aug-16 10:35 pm
to FF4m3
Come on, I cracked it already, stop posting here. |
|
Rocky67 Pencil Neck Geek Premium Member join:2005-01-13 Orange, CA |
to Blackbird
said by Blackbird: Wouldn't it be a trip if the "encrypted payload" turned out to be purely random code and everything else was just a semi-functional fake, designed to merely infect and occupy the attention of everyone while the 'real deal' was off somewhere else, quietly doing its business in some other way...?
Yes, it would. It's a classic form of deception. |
|
norwegian Premium Member join:2005-02-15 Outback |
said by Rocky67: said by Blackbird: Wouldn't it be a trip if the "encrypted payload" turned out to be purely random code and everything else was just a semi-functional fake, designed to merely infect and occupy the attention of everyone while the 'real deal' was off somewhere else, quietly doing its business in some other way...? Yes, it would. It's a classic form of deception.
What, you mean like this » Saudi oil giant seals off network : mystery malware attack |
|
Spy4 Premium Member join:2001-09-22 NE |
2012-Aug-18 10:13 pm
to FF4m3
Someone has moderated what I have said here as I am capable of doing based on the United States constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Government's constitution...Should this be considered a terrorist site from now on and be shut down? |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
2012-Aug-18 10:17 pm
said by Spy4: Someone has moderated what I have said here as I am capable of doing based on the United States constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Government's constitution...Should this be considered a terrorist site from now on and be shut down?
I get posts whacked all the time..not a big thing and I never ask why..just take it in stride and have a great day. |
|
Spy4 Premium Member join:2001-09-22 NE |
2012-Aug-18 10:23 pm
said by Name Game: said by Spy4: Someone has moderated what I have said here as I am capable of doing based on the United States constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Government's constitution...Should this be considered a terrorist site from now on and be shut down? I get posts whacked all the time..not a big thing and I never ask why..just take it in stride and have a great day.
Thank you Name Game, you're all right. But I'm going to let every Government Agency in the United States see what's happening here. It's just my job. I want them to see sites that break our earned rights in this country by our constitution. They don't like people breaking the law. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
2012-Aug-18 10:47 pm
If it's the three letter guys..they are all busy getting microchip implants so they can ride the Metro for Free. |
|
Spy4 Premium Member join:2001-09-22 NE |
2012-Aug-18 10:56 pm
yeah, but not this guy..He's looking for people who don't like him. |
|
|
to Spy4
said by Spy4: said by Name Game: said by Spy4: Someone has moderated what I have said here as I am capable of doing based on the United States constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Government's constitution...Should this be considered a terrorist site from now on and be shut down? I get posts whacked all the time..not a big thing and I never ask why..just take it in stride and have a great day. Thank you Name Game, you're all right. But I'm going to let every Government Agency in the United States see what's happening here. It's just my job. I want them to see sites that break our earned rights in this country by our constitution. They don't like people breaking the law.
Not sure if srs or not, but you do know that the 1st amendment only applies to government suppression of speech. A private entity can filter whatever it wants. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI 2 edits |
to Snowy
Re: Can YOU Crack The Gauss Uber-Virus Encryption?
As of about 12 hours ago according to VirusTotal Panda can now id Gauss and they call it trj/Gauss.A but according to their site none of their customers have reported it as an infection. I would assume they got sig/copy of it from the usual sharing source between AV companies..and seems Gauss has all but disappeared from the wild..very low priority and a flash in the pan. Since it was put out to "intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East", I am not surprised.
Whether Panda can clean it off an infected system..I guess no one will ever know. |
|
norwegian Premium Member join:2005-02-15 Outback 1 edit |
At the bottom of the initial link posted by FF4m3 here on page 2 there is a tool to test and see if your system meets the needs of this malware. As I can't post a link to an .exe, you will have to go look for it yourself. Look for the post by lightswitch05 on 2012 Aug 18, 00:48 |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
Already read that before..US officials like to "racial profile"..they even have hit list. |
|
norwegian Premium Member join:2005-02-15 Outback 2 edits |
Bit off topic, but I think you're right. Edited that part now, it seems a little far-fetched. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
2012-Aug-21 10:52 am
said by norwegian: Bit off topic, but I think you're right. Edited that part now, it seems a little far-fetched.
glad you finally made up your mind..was tongue in cheek in any case. Gauss was a targeted attack..for a very good reason and it gave results of criminal activity that all of us would want to stop. Just happened to be in that part of the world. I am happy that when it was out there gathering the info..no AV could id or clean it off. |
|
Name Game |
to norwegian
BTW..I also wondered if that stuff in Gauss no one seems to be able to figure out..has to do with this.. » Prime-factoring quantum computing makes encryption obsolete
The US govt might be there already with uber stuff. |
|
norwegian Premium Member join:2005-02-15 Outback
1 recommendation |
to FF4m3
Oops. » arstechnica.com/security ··· g-flame/
Because of incorrect research contained in the original report, this article previously misidentified a command and control server that was being accessed by computers infected by the Gauss espionage malware. Contrary to that report, the server is operated by researchers with antivirus provider Kaspersky Lab. Such "sinkholes" are used to disrupt computer botnets by preventing infected machines from reporting to malicious servers under the control of the malware operator. |
|