Unixronin

Thursday, April 9th, 2009 05:06 pm

SecurityWire weighs in with still more new information.

The important part here:

Unlike its predecessors, it is dropping a binary that connects to the malicious Waledac worm giving Conficker.E self-propagation abilities.  Previous versions, which exploited a remote procedure call vulnerability in Windows Server Services (MS08-067), spread only via peer-to-peer networks or downloads from a variety of URLs.

Waledac is capable of harvesting and forwarding passwords and spreads via email attachments with topical subject lines; previous iterations of Waledac used holiday-related subject lines and tried to lure users to open with promises of an e-card.

In light of this new information, we can speculate that sufficient systems have been patched against Conficker that it was unable to expand its botnet any further using its built-in infection vectors, so now it may be attempting to expand further by piggybacking on Waledac’s email-trojanning ability.

There are some clues emerging as to the origins, too:

“Waledac is used mainly for spam,” said Orla Cox, security operations manager with Symantec Security Response.  “We believe Waledac is connected with Storm.  Waledac uses many of the same techniques as Storm; this one is a new iteration.”

[...]

Trend Micro advanced threat researcher Paul Ferguson said analysis of the variant has been difficult because some of the worm’s binaries have been encrypted.  He confirms the crossover between Conficker, Waledac and Storm.

“Some of us expected a new twist to appear at some point in time because it’s got the same fingerprints as the Russian Ukrainian organized crime operations that are probably pulling the strings behind both Conficker and Waledac and may even have been involved in Storm previous to Waledac,” Ferguson said.  “Most of this stuff is extraordinarily professionally designed.”

There’s been a historical tendency since the Second World War to underestimate the Russians in a variety of different arenas.  For instance, in the field of military aviation, Western military analysts heaped scorn on the “primitive” tube electronics of Soviet military avionics; but what they seldom considered was that the Soviet tube hardware was much more EMP-resistant than the contemporary US and European integrated circuitry.

As recently as the late 80s and early 90s, when the latest generation of Russian fighters first appeared, many analysts still looked down on them and criticized them for having vastly inferior onboard computer systems to US fighters.  The problem with this is that aircraft such as the F-16 and F/A-18 are designed to be inherently aerodynamically unstable, relying on their onboard computers to adjust flight control surfaces up to a hundred times per second to keep them stable enough to fly.  Without the same sophisticated digital computers to rely on, Russian designers had to make their aircraft’s aerodynamics virtually perfect to compete.  And they succeeded:  the MiG-29/33/35 and Su-27/35 fighter families are capable of doing effectively everything an F-16 or F-18 can do, but they don’t need an onboard flight-control computer to do it.  Indeed, it was an Su-27 pilot, Sukhoi test pilot Viktor Pugachev, who invented the extreme maneuver now known as the Pugachev Cobra, a maneuver which cannot be matched by production models of the F-15, F-16 or F-18 (though the F-22 Raptor can do it, and heavily-modified experimental versions of the F-15, F-16 and F-18 exist which may be capable of it).

Don’t ever underestimate the Russians ... and don’t make the mistake of letting the fact they’re not technically Russian fool you into underestimating the Ukrainians, either.

Thursday, April 9th, 2009 09:53 pm (UTC)
Don’t make the mistake of letting the fact they’re not technically Russian fool you into underestimating the Ukrainians.

You can say that again -- look at what it did to Jake and the gang from Callahan's Legacy to Callahan's Con...
Friday, April 10th, 2009 08:30 am (UTC)
Too many people confuse intelligence with technology. Human beings use the tools available, usually to devastating effect. Many also confuse cultural sophistication with ability. People can usually survive pretty well when they use their wits.
Friday, April 10th, 2009 07:54 pm (UTC)
Indeed, it was an Su-27 pilot, Sukhoi test pilot Viktor Pugachev, who invented the extreme maneuver now known as the Pugachev Cobra, a maneuver which cannot be matched by production models of the F-15, F-16 or F-18 (though the F-22 Raptor can do it, and heavily-modified experimental versions of the F-15, F-16 and F-18 exist which may be capable of it).

Yup, I remember reading all about the X-31 when it first came around. An F/A-18 was in fact modified for similar thrust vectoring, and I thought I had read that it did in fact successfully perform the maneuver (or a similar one, the Herbst maneuver, the X-31 had a similar maneuver that DID include a gain in altitude as they perform it, but also allowed the plane to pitch and yaw at the height of the maneuver, giving it the ability to quickly snap around and lock onto an opponent, though the diagrams all show the plane doing it as a super tight 180 degree turn).



Friday, April 10th, 2009 08:14 pm (UTC)
Yup, the Herbst maneuver you just described is basically exactly that — using vectored thrust and post-stall aerodynamics to make a very tight high-angle turn with minimal loss of energy. The F-22 should be capable of the Herbst maneuver as well.