- Joined
- Jan 11, 2012
- Messages
- 5,134
- Reaction score
- 6,123
- Gender
- Undisclosed
- Political Leaning
- Undisclosed
LOL because length of code means anything at all. :roll:
Sorry, I just find these type of articles written by non-tech people hilarious. Maybe Wired will do an article on this.
I don't even know wtf you think I'm arguing. Are you really just disputing my assertion that length of code doesn't mean anything? Really?
Yes I am.......
Here is an article written by the guy whose organization, Kaspersky Lab, found the Flame malware Alexander Gostev, Aleks has headed the Global Research and Analysis Team at Kaspersky Lab since 2008, and specializes in all aspects of information security, including mobile malware. His responsibilities include detecting and analyzing new malware.
Mr. Gostev's take on the length of code:
How sophisticated is Flame?
First of all, Flame is a huge package of modules comprising almost 20 MB in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine.
Lua is a scripting (programming) language, which can very easily be extended and interfaced with C code. Many parts of Flame have high order logic written in Lua - with effective attack subroutines and libraries compiled from C++.
The effective Lua code part is rather small compared to the overall code. Our estimation of development ‘cost’ in Lua is over 3000 lines of code, which for an average developer should take about a month to create and debug.
Why is it called Flame? What is the origin of its name?
The Flame malware is a large attack toolkit made up of multiple modules. One of the main modules was named Flame - it’s the module responsible for attacking and infecting additional machines.
Why is the program several MBs of code? What functionality does it have that could make it so much larger than Stuxnet?
The large size of the malware is precisely why it wasn’t discovered for so long. In general, today’s malware is small and focused. It’s easier to hide a small file than a larger module. Additionally, over unreliable networks, downloading 100K has a much higher chance of being successful than downloading 6MB.
Flame’s modules together account for over 20MB. Much of these are libraries designed to handle SSL traffic, SSH connections, sniffing, attack, interception of communications and so on. Consider this: it took us several months to analyze the 500K code of Stuxnet. It will probably take year to fully understand the 20MB of code of Flame.
The Flame: Questions and Answers - Securelist