[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Lua in 'Flame' cyber-attack
- From: Peter Cawley <lua@...>
- Date: Mon, 28 May 2012 16:56:44 +0100
News articles about the 'Flame' cyber-attack are starting to surface,
and the BBC's piece [1] has a picture which I immediately recognised
as looking like decompiled Lua. Further searching led to a report [2]
on the malware in question, within in figure 46 is a list of ".luac"
files, and section 6.1 talks about some of the Lua scripts (including
general items like json.luac and table_ext.luac). Unfortunately I
couldn't find any information about what version of Lua was used, what
decompilation was used, or whether things like json.luac were copies
of publicly available modules. Does anyone have any further
information on the role of Lua within this malware?
[1] http://www.bbc.co.uk/news/technology-18238326
[2] http://www.crysys.hu/skywiper/skywiper.pdf