
Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Snowy

Re: Can YOU Crack The Gauss Uber-Virus Encryption?

Nope you prove they don't since it's your game..and I'm not playing that you think they do...you are just grabbing at straws.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by Name Game:

Nope you prove they don't since it's your game..and I'm not playing that you think they do...you are just grabbing at straws.

Have it your way.
I've sent this email
Date: Thu, 16 Aug 2012 11:07:17 -1000
"Hello,
I've been informed that Panda currently does not offer AV protection to customers in Lebanon or Iran.
Is that an accurate statement?"

to
customeradvocate-at-pandasecurity.com
I'll post up any/all replies I receive.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Try do they have sales and how many...then ask why they can't or don't id Gauss at this point in time ...you are still on a general fishing expedition trying to twist words in an area you either refuse to understand or just too lazy to read info about Gauss on your own so you can talk your point.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

said by Name Game:

Try do they have sales and how many...then ask why they can't or don't id Gauss at this point in time ...you are still on a general fishing expedition trying to twist words in an area you either refuse to understand or just too lazy to read info about Gauss on your own so you can talk your point.

hehe, you accuse me of 'grasping at straws, being on a fishing expedition etc...' when it's actually you that's looking desperate by asking me to disprove what you're saying is fact.
The onus is on the person making the statement to back it up with fact, rather than requiring the person that doubts the factual basis of the original statement to 'disprove' it.
That's how adults agree to disagree over a statement.
ps I haven't even received an auto reply from customeradvocate-at-pandasecurity.com but I'll stay on top of it & see this question brought to a factual conclusion & post it up here.
Meanwhile - there's nothing constructive happening here, later.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to FF4m3

The Mystery of the Encrypted Gauss Payload

»www.securelist.com/en/bl ··· _Payload

norwegian
Premium Member
join:2005-02-15
Outback

In the read, it means a character "~", I thought of file shares but that is "$". Can anyone highlight what the "~" is again, was it deleted files or something similar.....I just can't put my finger on it.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to FF4m3

What makes these researchers think anyone in the world can crack the encryption? If anyone is successful they will surely be famous (and probably win a Fields Medal in mathematics).

norwegian
Premium Member
join:2005-02-15
Outback

I don't think it is specific to cracking the encryption as such, it is about analysis.

They know there is a reference for this packet to %programfiles%, they know the code designated to this references higher than 0x007A.

They have tried thousands of program names but with no luck, so they need help and hopefully someone will pick up something simple they have overlooked, or something technical, let's not bash on words.
Once they know those specifics the encrypted payload isn't needed to understand targeting.

quote:
1. Make a list of all entries from GetEnvironmentVariableW(“Path”), split by separator “;”
2. Append the list with all entries returned by FindFirstFileW / FindNextFileW by mask “%PROGRAMFILES%\*”, where cFileName[0] > 0x007A (UNICODE ‘z’)

Note: in essence, this means the specific program which is installed in “%PROGRAMFILES%” has a name which starts either with a special char such as “~”, as in our example, or uses an UNICODE special char table, such as Arabic or Hebrew, where all chars are higher than 0x007A.

On a side note SSL for me is broken at the moment, I wonder if it is the A/V cert (turned off), or something else has affected SSL transmissions at present?

Oh well off we go, 7 dwarfs in a row.
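
The two steps in the quote above, written out as an added example (not part of the original thread, and not Kaspersky's code): it builds the list from the Path entries plus the Program Files names that pass the `cFileName[0] > 0x007A` test, which shows why a leading "~" (0x007E) qualifies. The function names and the sample Path and directory names are constructed, and the comparison is assumed to be on the first UTF-16 code unit, as a `WCHAR` array implies.

```python
import os

THRESHOLD = 0x007A  # UNICODE 'z', the bound given in quoted step 2


def first_wchar(name):
    """Return the first UTF-16 code unit, i.e. what cFileName[0] holds."""
    raw = name.encode("utf-16-le", "surrogatepass")
    return int.from_bytes(raw[:2], "little")


def qualifying_names(names):
    """Keep names whose first WCHAR is strictly above 0x007A."""
    return [n for n in names if n and first_wchar(n) > THRESHOLD]


def candidate_list(path_value, program_files_names):
    """Step 1 (Path split on ';') followed by step 2 (filtered names)."""
    return path_value.split(";") + qualifying_names(program_files_names)


def scan_program_files(root=None):
    """Run the step 2 filter against a real directory (hypothetical helper)."""
    root = root or os.environ.get("PROGRAMFILES", "")
    return qualifying_names(os.listdir(root)) if os.path.isdir(root) else []


# Constructed sample data, not taken from any real host.
SAMPLE_PATH = r"C:\Windows\system32;C:\Windows"
SAMPLE_NAMES = [
    "Common Files",               # 'C' = 0x0043, below the bound
    "zip-tool",                   # 'z' = 0x007A, equal, so excluded
    "~Sample",                    # '~' = 0x007E
    "{vendor}",                   # '{' = 0x007B
    "\u0628\u0631\u0646\u0627\u0645\u062c",  # Arabic, first unit 0x0628
    "\u05ea\u05d5\u05db\u05e0\u05d4",        # Hebrew, first unit 0x05EA
    "\U0001F600 app",             # non-BMP, first unit is surrogate 0xD83D
]

if __name__ == "__main__":
    for entry in candidate_list(SAMPLE_PATH, SAMPLE_NAMES):
        print(ascii(entry))
    print("this host:", [ascii(n) for n in scan_program_files()])
```

Run on a Windows machine, `scan_program_files()` lists any installed folder names that would pass the same filter; on most systems the list is empty.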

Spy4
Premium Member
join:2001-09-22
NE

Spy4 to FF4m3

i would never be able to crack that code in a million years.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to FF4m3

Wouldn't it be a trip if the "encrypted payload" turned out to be purely random code and everything else was just a semi-functional fake, designed to merely infect and occupy the attention of everyone while the 'real deal' was off somewhere else, quietly doing its business in some other way...?

Spy4
Premium Member
join:2001-09-22
NE

Spy4 to FF4m3

come on i cracked it already, stop posting here.

Rocky67
Pencil Neck Geek
Premium Member
join:2005-01-13
Orange, CA

Rocky67 to Blackbird

said by Blackbird:

Wouldn't it be a trip if the "encrypted payload" turned out to be purely random code and everything else was just a semi-functional fake, designed to merely infect and occupy the attention of everyone while the 'real deal' was off somewhere else, quietly doing its business in some other way...?

Yes, it would. It's a classic form of deception.

norwegian
Premium Member
join:2005-02-15
Outback

said by Rocky67:

said by Blackbird:

Wouldn't it be a trip if the "encrypted payload" turned out to be purely random code and everything else was just a semi-functional fake, designed to merely infect and occupy the attention of everyone while the 'real deal' was off somewhere else, quietly doing its business in some other way...?

Yes, it would. It's a classic form of deception.

What, you mean like this »Saudi oil giant seals off network : mystery malware attack

Spy4
Premium Member
join:2001-09-22
NE

Spy4 to FF4m3

someone has moderated what i have said here as i am capable of doing based on the united states constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Governments constitution...Should this be considered a terrorist site from now on and be shut down?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

said by Spy4:

someone has moderated what i have said here as i am capable of doing based on the united states constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Governments constitution...Should this be considered a terrorist site from now on and be shut down?

I get posts whacked all the time..not a big thing and I never ask why..just take it in stride and have a great day.

Spy4
Premium Member
join:2001-09-22
NE

said by Name Game:

said by Spy4:

someone has moderated what i have said here as i am capable of doing based on the united states constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Governments constitution...Should this be considered a terrorist site from now on and be shut down?

I get posts whacked all the time..not a big thing and I never ask why..just take it in stride and have a great day.

thank you Name Game, you're all right. But I'm going to let every Government Agency in the United States see what's happening here. It's just my job. I want them to see sites that break our earned rights in this country by our constitution. They don't like people breaking the law.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 recommendation

If it's the three letter guys..they are all busy getting microchip implants so they can ride the Metro for Free.

Spy4
Premium Member
join:2001-09-22
NE

yeah, but not this guy..He's looking for people who don't like him.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to Spy4

said by Spy4:

said by Name Game:

said by Spy4:

someone has moderated what i have said here as i am capable of doing based on the united states constitution...I didn't use any swear words...Shall this site be shut down for not abiding by the United States Governments constitution...Should this be considered a terrorist site from now on and be shut down?

I get posts whacked all the time..not a big thing and I never ask why..just take it in stride and have a great day.

thank you Name Game, you're all right. But I'm going to let every Government Agency in the United States see what's happening here. It's just my job. I want them to see sites that break our earned rights in this country by our constitution. They don't like people breaking the law.

Not sure if srs or not, but you do know that the 1st amendment only applies to government suppression of speech. A private entity can filter whatever it wants.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

2 edits

Name Game to Snowy

As of about 12 hours ago according to VirusTotal Panda can now ID Gauss and they call it trj/Gauss.A but according to their site none of their customers have reported it as an infection. I would assume they got sig/copy of it from the usual sharing source between AV companies..and seems Gauss has all but disappeared from the wild..very low priority and a flash in the pan. Since it was put out to "intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East", I am not surprised.

Whether Panda can clean it off an infected system..I guess no one will ever know.

norwegian
Premium Member
join:2005-02-15
Outback

1 edit

At the bottom of the initial link posted by FF4m3 here on page 2 there is a tool to test and see if your system meets the needs of this malware. As I can't post a link to an .exe, you will have to go look for it yourself. Look for the post by lightswitch05 on 2012 Aug 18, 00:48

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Already read that before..US officials like to "racial profile"..they even have a hit list.

norwegian
Premium Member
join:2005-02-15
Outback

2 edits

Bit off topic, but I think you're right. Edited that part now, it seems a little far-fetched.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

said by norwegian:

Bit off topic, but I think you're right. Edited that part now, it seems a little far-fetched.

glad you finally made up your mind..was tongue in cheek in any case.

Gauss was a targeted attack..for a very good reason and it gave results of criminal activity that all of us would want to stop. Just happened to be in that part of the world. I am happy that when it was out there gathering the info..no AV could id or clean it off.

Name Game to norwegian

BTW..I also wondered if that stuff in Gauss no one seems to be able to figure out..has to do with this..

»Prime-factoring quantum computing makes encryption obsolete

The US govt might be there already with uber stuff.

norwegian
Premium Member
join:2005-02-15
Outback

1 recommendation

norwegian to FF4m3

Oops.

»arstechnica.com/security ··· g-flame/

Because of incorrect research contained in the original report, this article previously misidentified a command and control server that was being accessed by computers infected by the Gauss espionage malware. Contrary to that report, the server is operated by researchers with antivirus provider Kaspersky Lab. Such "sinkholes" are used to disrupt computer botnets by preventing infected machines from reporting to malicious servers under the control of the malware operator.