… this is just too interesting not to comment:
Basically, this is one of the best-engineered pieces of malware seen to date; so much so that researchers still don’t know how it spreads. I highly recommend you read the whole thing, but some highlights about the malware:
- Cryptographically obfuscated payload – the key is the configuration of the target machine.
- Unknown attack vector
- Well-engineered load-balancing of C&C servers
- Other inexplicable behaviors, such as installing a new font (?)
The bottom line is that this is the most interesting piece of malware I’ve seen in a long time, all seemingly from the authors of Stuxnet (supposedly the US or Israeli government).