back to article Malware analysts tell crooks to shape up and write decent code

Blackhats beware: reverse engineers are laughing at your buggy advanced persistent threat (APT) malware. You've done pretty well though: your custom payloads were effective at breaking into enterprises and the damage it did was quite devastating. But many were being found and added to anti-malware signatures all too quickly …

  1. jake Silver badge

    They "tend not to care" because ...

    ... seven nines of the general population are totally clueless about computers & networking, and six nines are more gullible than a retriever chasing a "ghost" tennis ball.

    1. Destroy All Monsters Silver badge

      Re: They "tend not to care" because ...

      > a retriever chasing a "ghost" tennis ball

      Cue scary Stephen King movie music.

  2. Anonymous Coward
    Anonymous Coward

    Hubris

    So the code isn't elegant, is inefficient and bug-ridden. It is still effective enough in general to provide a threat sufficiently high as to pay for the likes of FireEye and these analysts to exist.

    I'm not sure what value there is in publicly crowing about the miscreants' skills because, as the analysts say:

    "APT authors don't care enough to take any of this advice. All the stuff they build works, so they don't tend to care."

    1. Destroy All Monsters Silver badge
      Windows

      Re: Hubris

      Well, that's the case of 99% of the IT "industry". For some values of "works", often handled by "you do have a backup, don't you?" recovery efforts.

  3. Milo Tsukroff
    Black Helicopters

    Who's more evil - the hackers or these analysts?

    This article only goes to prove the point of all those conspiracy theorists out there, who have said for years that the anti-virus industry was working hand-in-glove with the virus writers. So these analysts want to HELP the hackers write BETTER code? Cue the black helicopters, and, "Shut 'er down, Clancy, she's pumping mud!"

    1. Wzrd1

      Re: Who's more evil - the hackers or these analysts?

      Well, one of two things will happen.

      Either their prediction will be true and nothing will be done to improve the coding, which is likely. After all, don't fix it if it's working and hence, isn't broken.

      Or, they'll be listened to by the APT leadership and efforts will be down for some time as the coders learn how to properly code. Then, the folks analyzing the code will be commanding even more of a premium in their pay and hence, to company profits in elevated pricing, just to compensate for the increased quality.

      From my own personal experience with APT's, I suspect it'll be the former.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021