
Why not just use an off-the-shelf rootkit with off-the-shelf obfuscator + whatever exploits they discovered? None of the code has to be extremely valuable.

If I were CIA in the current political climate, I would simply slightly modify a Russian exploit toolchain and exfiltrate data to CIA-controlled C&C. One dev can do the work, and with a couple of days of effort it would get past all major AVs.



Might not want to do that in case the Russians backdoored their exploit toolchain somehow and you didn't notice.

Creating this sort of malware isn't expensive, so why not do it?


I think this crowd tends to vastly underestimate the ease of deploying and testing this stuff in a targeted and useful way.

There's a big difference between broadband spray and pray malware, and malware you actually want to hit a target with.

If you know average tools won't detect it, then why get fancy when you have something that's proven reliable and if discovered is unlikely to have your victim substantially improve their processes?


If it's public the vulnerability might be patched. The whole point of these is that they were secret (though the concepts may or may not be novel).



