Comments on CyberSecPolitics: The Killswitch story feels like bullshit
Dave Aitel
8 comments (feed updated 2023-11-20T01:40:56.396-08:00)

Anonymous, 2017-08-08T01:23:56.080-07:00

logic is not too strong in this post...

Anonymous, 2017-08-06T09:50:41.152-07:00

Sandbox evasion?

http://www.darkreading.com/threat-intelligence/wannacrys-kill-switch-may-have-been-a-sandbox-evasion-tool/d/d-id/1328892

Anonymous, 2017-08-06T06:35:51.228-07:00

Wholly agree, if he had suspicions he would be on the hook for wannacry, he would not have entered the US. Plus, the indictment is about kronos (although at hearing it wasn't named)

Canberk Bolat, 2017-08-06T05:56:47.836-07:00

I agree with Dave. What kind of idiot criminal would set a "killswitch" in his malware? If their motivation and main goal was making money with ransomware, they shouldn't stop it. They were clever enough to worm ETERNALBLUE 0day, spread it all around the world and encrypt all data. So why would he want to stop it with a dummy killswitch? Although criminals don't have any ethics or morals to stop the spreading of ransomware. Am I missing something?

Look at NotPetya, no killswitch, even no valid payment address, full destructive "wiper".

SID_6.7, 2017-08-05T20:43:05.171-07:00

I have to disagree with your assumption that the "killswitch" story was bull...
I was in communication with "MalwareTech" at the time this was unfolding, and even though others thought registering the domain would trigger a larger attack, I followed the code as many others did, and confirmed it caused a sink (end of operation).
I was one of the (many) folks that said I concurred with domain registration and that he could always pull the plug on it if we were mistaken.
I watched as his discovery occurred at the same time that many reversers were finding the same thing. He simply had the stones to go for the domain registration.
So, I am sorry to burst your bubble of conspiracy based on your ignorance of reverse engineering, and the utter lack of having been in the fight as it unfolded, but such is the case, mate.

Alexandro Sánchez Bach, 2017-08-05T16:52:57.853-07:00

As a wise man once said: PoC||GTFO.

> The Killswitch story feels like bullshit

The steps taken to locate the so-called "killswitch" were trivial for any slightly experienced security researcher. I had a brief look at the samples myself and found the mentioned domain, and I'm nowhere near the level of Marcus. Again, this was not a big deal for any seasoned malware reverser, as was pointed out multiple times.

> Being afraid to take the limelight is not a typical "White Hat" behavior, to say the least.

At risk of making you even more skeptical, I think this boils down to modesty and safety. I haven't met many people who went from being rather unknown to a global phenomenon while happily embracing the worldwide media as soon as being approached. In fact, those few who did were quickly labeled as "media whores". Let's be honest, if your day-to-day job is tracking botnets and sharing intel with .gov agencies, why would you want to have your real name / pictures / addresses online?

While I have no proof to deny your theory, I think there are truly no arguments to support it either. If anything, this contributes even more to the FUD around this matter.

Alexandro Sánchez Bach, 2017-08-05T16:36:47.520-07:00

This comment has been removed by the author.

Impishbynature, 2017-08-05T15:36:57.593-07:00

If it smells like bullshit it probably is.