Lua script used in malware

[coffee]

Don't know if it's the first but malware "discovered" the flexibilily of Lua to command a 20 MB malware/worm for gather information like take screenshots, record webcam, skype talks and a lot more. Is called Worm.Win32.Flame or Skywiper and Middle-East oriented. Sadly this always could bring to Lua some bad reputation.
http://www.securelist.com/en/blog/20819 ... nd_Answers

EDITED: More detailed info about Lua part
http://www.crysys.hu/skywiper/skywiper.pdf (check pag: 48-51)

[kikito]

If I understood correctly, the huge size (for a malware) comes from the fact that it also bundles lots of general-purpose libs; for example, a database driver. They could probably make a much smaller malware with Lua on it.

I wouldn't worry too much about the reputation. Any tool can be used for bad purposes. C didn't get bad reputation because it's used in malware. Cables don't get bad reputation because they are used to make bombs.

[coffee]

If I understood correctly, the huge size (for a malware) comes from the fact that it also bundles lots of general-purpose libs; for example, a database driver. They could probably make a much smaller malware with Lua on it.

I wouldn't worry too much about the reputation. Any tool can be used for bad purposes. C didn't get bad reputation because it's used in malware. Cables don't get bad reputation because they are used to make bombs.

Yes, it's a very huge C++ exe with SQLite database and 3000 lines Lua(c) scripted that does really a lot of things. A very uncommon worm by the normal worm standards. My worry was specially because the fact of have Lua be very focused worlwide in the news about that worm. You know how rumors and misinterpretations start. Reading Kapersky blog comments you notice that there is an institute very worried that "flame lua" search leeds to their webite and they started publicy refuct connection with the worm.

[bartbes]

Immediately reminded me of this: http://philosecurity.org/2009/01/12/int ... are-author
Which is about an adware developer that uses scheme.

[SimonLarsen]

http://www.foxnews.com/scitech/2012/05/ ... gry-birds/

[Roland_Yonaba]

Found on Wikipedia.

[Nixola]

http://en.wikipedia.org/wiki/Flame_(malware)

[coffee]

Thank you to all for the links.

http://en.wikipedia.org/wiki/Flame_(malware)

Corrected link: http://en.wikipedia.org/wiki/Flame_(malware) you missed the ")" Nixola

From Larsen link, 1st paragraph:

The most sophisticated and powerful cyberweapon uncovered to date was written in the LUA computer language, cyber security experts tell Fox News -- the same one used to make the incredibly popular Angry Birds game.

Well, was this kind of sensationalist misleading news I didn't want to see Lua involved...

Kikito, I understand what you mean about "C" don't be blamed, true. However normally if malware/trojan/virus news usually don't refer "C" as the bad thing, this time the Lua use is being a lot focused. I bet a fistful of hackers (or replace for the correct designation for people who made virus) wannabe's are looking now how to use Lua in their "creations".

[Xgoff]

The most sophisticated and powerful cyberweapon uncovered to date was written in the LUA computer language, cyber security experts tell Fox News -- the same one used to make the incredibly popular Angry Birds game.

Well, was this kind of sensationalist misleading news I didn't want to see Lua involved...

well, it IS fox news, after all

lua was probably used because it would have been unexpected, since it's apparently only rarely used for malware... although ironically it's also used for scripting network security software like nmap and wireshark

most people who hate lua hate it for other reasons (1-based, dynamic typing, not being like language xyz, etc); if anything this might give lua more exposure, or maybe it will break tiobe top 10 again lol

[Jasoco]

http://www.foxnews.com/scitech/2012/05/ ... gry-birds/

facepalm.gif