
This was blindingly obvious to anyone who does anything with compilers and reverse engineering. There are some really big clues: the access to C functions from Win32 is direct, with no visible FFI. The generated code has a lot of qualities shared with C code, in terms of control flow and stack usage, and it had a lot in common with the MS C compiler based on how it uses the stack.

That it deceived Kaspersky this long is frankly disturbing.




Hindsight is 20/20.

It may have seemed obvious in hindsight, but some pretty bright people were looking at it, including compiler people at MS.

If it were truly so obvious, it's a shame you didn't end everyone's troubles when the mystery was originally posted here.


I didn't see the discussion on HN :)

It was posted to some (private) mailing lists I'm on, and I posted exactly the same thing there.


I agree. I personally can't believe Kaspersky were this incompetent. To me the entire thing sounds like a PR play. Just look at all the alarmist headlines they generated.



