PPRuNe Forums

PPRuNe Forums (https://www.pprune.org/)
-   Computer/Internet Issues & Troubleshooting (https://www.pprune.org/computer-internet-issues-troubleshooting-46/)
-   -   Kaspersky saves the world. (https://www.pprune.org/computer-internet-issues-troubleshooting/486625-kaspersky-saves-world.html)

Loose rivets 29th May 2012 00:04
Kaspersky saves the world.
 
One is amazed at human ingenuity, and it seems there is no limit to the game.

BBC News - Flame: Massive cyber-attack discovered, researchers say

mixture 29th May 2012 15:54
Its a clever one that's for sure, all the more impressive when you find out the entire package weighs in at 20MB.... many times the size of Stuxnet and an order of magnitude bigger than your average virus.

It is quite surprising it went undetected for so long given the volumes of data its been allegedly transferring back to C&C. But then I guess the networks being targeted don't have much in place in the way of egress protection mechanisms.

Should be interesting to see how the AV companies react to this in terms of building new screening mechanisms against this zero-day.

Milo Minderbinder 29th May 2012 17:09
or even new nomenclature - this is hardly "zero day" even though its only just been discovered. Looks like its been around for some time

the only saving feature is that presumably its aimed at big business - not the average home user

as mixture says - something that big must be damn sophisticated to have been overlooked that long

mixture 29th May 2012 18:28
I meant "zero day" as far as the IT security industry is concerned. :cool:

The thing has been around for five years ! So one can only extrapolate how sophisticated the stuff is they are working on right now. :eek:

Loose rivets 29th May 2012 19:37
Quite so. Like removing the camouflage from an old tank at the right moment, so people chase it instead of the new super-kit.

Milo Minderbinder 29th May 2012 20:07
"I meant "zero day" as far as the IT security industry is concerned"

I know what you mean, but the point I was trying to make is that in this case that concept doesn't really fit the bill
In most zero days, an exploit is found and then its a race to patch it before someone breaks the exploit open with an attack
In this case they've had five years to capiltalise on the breach - and to refine it. It really does need a new descriptor - a null detection attack maybe? Or a -1825 day attack (meaning the five years headstart)? Dunno, I'm just chuntering

But the important thing is, as you suggest: what else is waiting out there?


All times are GMT. The time now is 15:32.


Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.