User: Password:
|
|
Subscribe / Log in / New account

Security quotes of the week

Security quotes of the week

Posted Aug 23, 2012 12:39 UTC (Thu) by redden0t8 (guest, #72783)
In reply to: Security quotes of the week by ekj
Parent article: Security quotes of the week

Kaspersky has already done that - it's looking for a specific registry key. The problem is, they've tried every plausible value they can think of.

Assuming this payload is along the same lines as Stuxnet, I think the answer is pretty obvious: it's looking for a registry key associated with someone's specifically customized SCADA software. The key's probably in some non-English language and has never been seen outside the campus of the target.


(Log in to post comments)

Security quotes of the week

Posted Aug 23, 2012 12:51 UTC (Thu) by ekj (guest, #1524) [Link]

That makes sense. Or the key could be the hash of some executable or something of that order, that the software checks to ensure the integrity of the file - if so that's equivalent to a random number (aslong as you don't have that specific file, I mean)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds