back to article Flame gets suicide command

The controllers of the Flame malware have apparently reacted to the publicity surrounding the attack by sending a self-destruct command. According to Symantec, some command-and-control machines have sent a command designed to wipe Flame from compromised computers. The command, which Symantec has dubbed “urgent suicide”, was …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Hacker

    Is anybody else reminded of Steve Jackson Games' "Hacker"?

    You could spend an action "cleaning" up a system, removing everybody else who had compromised it.

    (now, if only SJG would do a Hacker: Designer's Edition Kickstarter, after the success of the Ogre: Designer's Edition Kickstarter).

    There are days I wish somebody would write a Warhol Worm that would infect every already infected botnet zombie out there, then "kill" them by overwriting the hard disk: the old "Nuke the entire site from orbit" approach to cleansing the Internet.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hacker

      Maybe this is the prelude to killing the Internet?

      A little feasibility test.....

      1. Horridbloke
        Trollface

        Re: Hacker

        Couldn't they just type "Google" into Google to kill the Internet?

        1. Anonymous Coward
          Anonymous Coward

          Re: Hacker

          I thought you just had to ask the internet a vaguely difficult and insoluble question and wait for it to explode. I saw Captain Kirk do it once, so it must be true.

          1. Francis Boyle Silver badge

            Re: Hacker

            Yhe Internet? I thought by the twenty-second century they had replaced the Internet with a big mainframe with blinkenlights on an asteroid somewhere in deep space. It's progress, Jim, but not as we know it.

  2. Magani
    Flame

    Huh?

    'After deletion, the module overwrites the disk with random characters.'

    Richard, I'm assuming that means just the sectors previously occupied by the Flame code? Otherwise it's a bit of overkill, is it not?

    Flame, what else?

    1. Graham Bartlett

      Re: Huh?

      And the virus authors would care for why...?

      1. Tom 13

        Re: And the virus authors would care for why...?

        Because they are State actors and don't want their enemies to know WHICH systems were compromised. Duh!

  3. xenny

    So, what are the IP addresses of the C&C servers?

    1. The Baron
      Black Helicopters

      192.168.100.x

      o_O

  4. g e

    That's pretty thorough

    Defo smacks of professional/industrial coding.

  5. ukgnome
    Stop

    A tip for next time

    Maybe not publicise it so well.

    As soon, all you will have left is an anecdote about some malware that no longer exists.

    1. Ed 13

      Re: A tip for next time

      What is this "smallpox" of which you speak?

      1. Tom 13

        Re: What is this "smallpox" of which you speak?

        See: Twelve Monkeys

        Why? Because now that everybody treats smallpox as if it is extinct it is the perfect weapon with which to unleash unlimited terror.

  6. smudge
    Boffin

    Why new suicide module?

    > Symantec says Flame had originally shipped with a suicide module,

    > and they don’t know why a new suicide module was used.

    Because the original one was compromised. Had been discovered. Could have been disabled.

    (The icon is for Symantec's benefit.)

    1. Anonymous Coward
      Anonymous Coward

      Re: Why new suicide module?

      Yeah, except that we learn from TFA that the new module was rolled out BEFORE it was discovered.

      1. Tom 13

        Re: Why new suicide module?

        No, we learn that it was rolled out before it was allegedly discovered. If the State Actor saw warnings of it being discovered in one of their security notifications lists, that info goes directly to the black ops team so they can clean up their mess.

  7. Dom 3

    Of course, no malware author would ever fiddle with a creation date or timestamp before releasing something, would they?

  8. jubtastic1

    I suppose this is the sort of thing you would do

    If you wanted to bury the story before anyone could accurately count the infections and trace it back to your government.

    1. Tom 13

      Re: I suppose this is the sort of thing you would do

      Nah. The NY Slimes will confirm it were The Big 0 wot done it within a few weeks, so no need to trace it. It might cover a compromised system or maybe protect an agent who was used to deploy it, but the agent's chances are at best 50:50 given the current Administration record anyway.

  9. Robert E A Harvey
    Big Brother

    but did it work?

    So has anyone re-drawn that pretty red map?

  10. Anonymous Coward
    Thumb Up

    Awesome!!!

  11. Britt Johnston
    Holmes

    honey swat key...

    That is really friendly of them to tidy up afterwards.

  12. JeffyPooh
    Pint

    So in other words...

    So, the Flame authors write a far better Uninstall routine than does Symantec for their horrid NIS.

    Worse than that, the Flame authors can write software that goes about its secretive business without hardly anyone even noticing, as compares to Symantec software that constantly gets in the way and generally makes a complete nuisance of itself.

    Flame authors: +2

    Symantec: -1,000,000 for being so useless

  13. Rockyroadtopoland
    Mushroom

    JeffyPooh, Amen brother!

    Ŷ Symantec software= designed by north Korean military cyber warriors to cause endless damage to civilian and US military assets.

    There is only one test to join the elite of the united states airforce cyber command and that is be able to uninstall NIS cleanly from a windows millennium edition pc. No ones managed it yet.

    Consistently Worse than any malware for 14 years.

  14. Alan Brown Silver badge

    I can uninstall NIS easily

    Format and start over. Preferably with QNX

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020