funsec mailing list archives

Re: Flame on!


From: <michael.blanchard () emc com>
Date: Wed, 30 May 2012 23:55:51 -0400

Back Orifice was da shizzle back in the day!


----- Original Message -----
From: valdis.kletnieks () vt edu [mailto:valdis.kletnieks () vt edu]
Sent: Wednesday, May 30, 2012 11:23 PM
To: Blanchard, Michael (InfoSec)
Cc: rmslade () shaw ca <rmslade () shaw ca>; funsec () linuxbox org <funsec () linuxbox org>
Subject: Re: [funsec] Flame on!

On Wed, 30 May 2012 22:51:09 -0400, michael.blanchard () emc com said:
> a-effin-men Rob!....  I went through the same screaming fit too....  Even
> though it sounds clever until you dig in just a little bit...  20 freakin meg
> in size?  I mean seriously????  The only reason it hasn't been caught in 5
> years (if that's even true) is because it's so freakin' huge LOL

All the AV products probably have a check "If it's a binary over X bytes in size,
it must be a legit binary from Microsoft or Adobe" check.  Somebody probably
just wrote a meg of code, then pasted in 19M of total dead-code crap from
Microsoft Flight Simulator just to bulk it up over the limit.

"Flame can gather data files, remotely change settings on computers, turn on 
computer microphones to record conversations, take screen shots and copy 
instant messaging chats."  [So?  We had RATs that could do that at least a decade 
ago.]

How big was Back Orifice, which did much of the same stuff *way* back when?
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

