Lua in 'Flame' cyber-attack

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Lua in 'Flame' cyber-attack
From: Peter Cawley <lua@...>
Date: Mon, 28 May 2012 16:56:44 +0100

News articles about the 'Flame' cyber-attack are starting to surface,
and the BBC's piece [1] has a picture which I immediately recognised
as looking like decompiled Lua. Further searching led to a report [2]
on the malware in question, within in figure 46 is a list of ".luac"
files, and section 6.1 talks about some of the Lua scripts (including
general items like json.luac and table_ext.luac). Unfortunately I
couldn't find any information about what version of Lua was used, what
decompilation was used, or whether things like json.luac were copies
of publicly available modules. Does anyone have any further
information on the role of Lua within this malware?


[1] http://www.bbc.co.uk/news/technology-18238326
[2] http://www.crysys.hu/skywiper/skywiper.pdf

Follow-Ups:
- Re: Lua in 'Flame' cyber-attack, Enrico Colombini

Prev by Date: Re: omission in lua_yield docs
Next by Date: Re: Lua in 'Flame' cyber-attack
Previous by thread: Re: [ANN] Lua-Núcleo 0.0.4
Next by thread: Re: Lua in 'Flame' cyber-attack
Index(es):
- Date
- Thread